Despite patch, Microsoft ANI exploits attack through the weekend

Share this article:

Six days removed from Microsoft's emergency fix for the dangerous ANI handling vulnerability, spammers are turning to an old friend to get their scams to the masses.

Cybercrooks are using fax machines – a spamming vector used far less since the rise of email – to mass deliver phishing messages that dupe recipients into visiting websites hosting ANI exploits, according to Roger Thompson of Exploit Prevention Labs.

"While we find it highly amusing, I guess it must work at least a bit or the bad guys wouldn’t keep doing it," he said Sunday on his blog. "What this means is…watch out for faxes."

Meanwhile, new websites have emerged that either are hosting the ANI exploit or contain iFrames, or embedded links, that point users to a compromised site.

Among the domains hosting iFrames is the website for Asustek Computer, a large Taiwan-based hardware manufacturer, said Roel Schouwenberg of Kasperky Lab.

"This latest case shows that you can get infected when visiting legitimate sites, so you should always install patches as soon as you can," he said.

An Asustek spokesperson could not be reached for comment.

Chinese websites are still the most pronounced hosts of the exploit, Thompson said. Many of the sites are being hacked multiple times by different criminal organizations, he added.

Criminals are using a combination of the ANI exploit and two other previously fixed flaws, one affecting vector markup language and data access components, Thompson said.

The multiple hacks are making it difficult for researchers to analyze the situation, he said.

"We can typically figure out who we’re dealing with by examining which exploit combinations are being used, together with how they’re encrypted, together with the payload. But the cross-hacks, with their sheer volumes, make it really tough going, albeit very interesting," he said.

Click here to email reporter Dan Kaplan.



Looking for a new job? SC Magazine has the latest employment opportunities in IT Security. Click here for our jobs page.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.