Most Popular

Top Stories Latest Featured

Play Crysis Wars for free

Windows XP downgrades extended for 6 more months

Interview with Nvidia about CUDA and the future

Google and Yahoo postpone advertising deal

Firefox Mobile alpha coming "in a few weeks"

Warner Bros to release movies online before DVDs

Dish to pay TiVo $104 million

News from around the web (10/06/08)

More Top Stories

Downloads & Drivers

Downloads Drivers Essentials

DeviceLock 6.3 Build 16192

Google Chrome Beta 0.3.154.0 for Windows

32bit Web Browser 08.10.01

WinRescue XP 1.08.44

GoodSync 7.5.0

Image for Windows 2.20

AudioGrail 6.13.2.158

More Downloads

TS Community

Recent Discussions Community Archive

Xbox LIVE vs. Sony PSN

Core 2 duo, dual core, and Athlon64 X2 Dual Core

SATA II and Bluescreen

GTX 260 and power

RAID says its offline

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

IT

2,000 sites exploiting .ANI cursor flaw

By Justin Mann, TechSpot.com
Published: April 10, 2007, 3:48 PM EST

The cursor exploit which Microsoft is having so much fun with has become much more popular among exploiters lately. According to some estimates, there are more than 2,000 sites using this exploit to one end or another. Websense, who gathered these statistics, says that these sites are either directly hosting exploit code or are redirecting to sites with the code, and that the number of infected sites has risen dramatically since the exploit was made public last month.

Microsoft did release an emergency fix, outside of their regular patch cycle. How many people are unpatched or are unable to patch? Probably a lot, especially with the number of companies that delay patching for compatibility reasons. The nature of this exploit is such that immediate patching is a good idea, especially since it requires no interaction beyond visiting a compromised site. As the article mentions, it may be a long time before we see the end of this one.

1 comment
RSS

User Comments (1)

Post a comment
phantasm66
on April 10, 2007
4:20 PM		I read a XSS for this written in java script , and it was completely simple and easy to follow. Nothing to it at all, really.

Browse more commented news