Monday, April 02, 2007

The Russians are coming, the Russians are coming!

Ok, my tongue is firmly in my cheek with that title, but it has definitely happened. The new ANI is being used in an exploit package from a Russian website, along with SetSlice, VML, MS06-042, WinZip and QuickTime.

Our old friend Nick FitzGerald first noticed this in a big spam run, and alerted us to it, followed fairly quickly by the Spamhaus and Websense guys.

This is actually the first time that we've seen WinZip and QuickTime used in conjunction with SetSlice, VML and MS06-042, and together with the still-unpatched ANI exploit, the package is bound to produce a lot of results for them.

Stay tuned and we'll let you know exactly what the payload is, although at a rough guess it's a keylogger. ;-)



