Count a website touting racy photos of former pop diva Britney Spears as one of about 450 that are hosting the dangerous ANI exploit, patched on Tuesday by Microsoft in an emergency release.
A number of compromised sites containing IFrames, which permit the embedding of HTML documents inside a main document, are contributing to the spread of exploits, according to researchers. In this case, the IFrames are pointing to a site hosting the ANI exploit.
Roger Thompson, CTO and chief researcher of Exploit Prevention Labs, said Tuesday on his blog that the IFrame "lures" are leading to a site installing a Rustok rootkit.
"They have a strong and large system of lures, so this is a pretty good escalation of events," Thompson said. "Good thing the patch came out today."
In addition, Thompson reported "large numbers" of hacked sites, mostly based in China, are hosting similar payloads.
Meanwhile, more details emerged late Tuesday about the lead-up to Microsoft’s patch release. Mike Reavey of the Microsoft Security Response Center said the company first received word of the vulnerability on Dec. 20, but the fix had to go through a lengthy building and testing process before it was ready for release.
Microsoft suggests applying the accompanying hotfix.
Click here to email reporter Dan Kaplan.
Looking for a new job? SCMagazine.com has the latest IT security employment opportunities. Click here for our jobs page.