2,000 sites exploiting .ANI cursor flaw

By Justin Mann on April 10, 2007, 3:48 PM
The cursor exploit which Microsoft is having so much fun with has become much more popular among exploiters lately. According to some estimates, there are more than 2,000 sites using this exploit to one end or another. Websense, who gathered these statistics, says that these sites are either directly hosting exploit code or are redirecting to sites with the code, and that the number of infected sites has risen dramatically since the exploit was made public last month.

Microsoft did release an emergency fix, outside of their regular patch cycle. How many people are unpatched or are unable to patch? Probably a lot, especially with the number of companies that delay patching for compatibility reasons. The nature of this exploit is such that immediate patching is a good idea, especially since it requires no interaction beyond visiting a compromised site. As the article mentions, it may be a long time before we see the end of this one.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.