also @ TechSpot: Asus Crosshair III Formula motherboard review

Most Popular

Top Stories  Just in   Featured 

11 awesome applications you've never heard of  featured

Microsoft to offer three-user Windows 7 Family Pack?

USB 3.0-equipped PCs due before end of the year

Apple issues advice on iPhone 3GS overheating

Firefox 3.5 breaks 5 million downloads in 24 hours

Psystar emerges from bankruptcy with new hardware

Fallout 3 gets 50% price cut on Steam this weekend

Windows 7 unlikely to affect SSD sales?

More Top Stories

Downloads & Drivers

Downloads   Drivers  

Zortam Mp3 Media Studio 9.40

Xplorer2 Lite 1.7.2.7

DVD Flick 1.3.0.7

McFunSoft Audio Editor 6.7.13.7

FileZilla 3.2.6.1

More Downloads

TS Community

Recent Discussion   User Gallery  

Dell accidentally sells 19-inch monitors for $15 in Taiwan

Audio Is Out - Compaq Evo D5 Desktop PC

Drive diagnostic utilities compendium

Check this new rig out

Secure file and print sharing

More at the Forum

Subscribe

Newsletter Our Feeds

Receive weekly updates on new articles, news and contests in your mail!

Email address:

Information Technology

2,000 sites exploiting .ANI cursor flaw

By Justin Mann, TechSpot.com
Published: April 10, 2007, 3:48 PM EST
The cursor exploit which Microsoft is having so much fun with has become much more popular among exploiters lately. According to some estimates, there are more than 2,000 sites using this exploit to one end or another. Websense, who gathered these statistics, says that these sites are either directly hosting exploit code or are redirecting to sites with the code, and that the number of infected sites has risen dramatically since the exploit was made public last month.

Microsoft did release an emergency fix, outside of their regular patch cycle. How many people are unpatched or are unable to patch? Probably a lot, especially with the number of companies that delay patching for compatibility reasons. The nature of this exploit is such that immediate patching is a good idea, especially since it requires no interaction beyond visiting a compromised site. As the article mentions, it may be a long time before we see the end of this one.

1 comment
RSS

User Comments (1)

Post a comment
phantasm66
on April 10, 2007
4:20 PM		I read a XSS for this written in java script , and it was completely simple and easy to follow. Nothing to it at all, really.

Browse more commented news