ANI Trojan Sticks It to Popular Geek Hardware Site Visitors

More than a month after Microsoft patched the .ANI vulnerability, Tom's Hardware has found the W32.ani Trojan lurking in one of its banner ads. ScanSafe, a managed Web security services company, found that Tomshardware.com was unknowingly hosting the banner ad, which redirected users to a site hosted in Argentina from which the drive-by malware was downloaded automatically. The banner ad was up for 24 hours, infecting visitors whose systems were unpatched. When ScanSafe contacted Tom's Hardware, it was told that the site had already learned of the Trojan from its victims.

According to a media kit on Tom's Hardware, the site gets more than 5 million unique page views from more than 1.9 million unique visitors monthly. The incident illustrates how malware is worming its way into places where many people would not expect to find it. Because advertising systems are administered carelessly, people can no longer rely on a site's URL as a sign of whether the ads it serves, or the links those ads lead to, are safe.
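A detection check for the flaw the article describes, added here as an example (it is not code from the article, from ScanSafe, or from Tom's Hardware). Animated cursors are RIFF files of form type ACON whose anih chunk carries a 36-byte ANIHEADER; the bug closed by MS07-017 was that the declared length of an anih chunk was not validated against that structure before being copied, so a cursor with an oversized anih chunk could corrupt memory when Windows loaded it. The scanner below walks the RIFF chunk list (recursing into LIST chunks) and flags any anih chunk whose declared length is not 36, as well as chunks that claim more bytes than the file holds. The sample files are constructed inline; the suspicious ones are shaped like the malicious cursors but contain only filler bytes, not exploit code.

```python
import struct

ANIH_STRUCT_SIZE = 36  # sizeof(ANIHEADER): nine little-endian DWORDs


def iter_riff_chunks(data, offset, end):
    """Yield (fourcc, payload, header_offset, declared_size) for the RIFF chunks in data[offset:end]."""
    while offset + 8 <= end:
        fourcc, size = struct.unpack_from("<4sI", data, offset)
        payload_start = offset + 8
        payload_end = payload_start + size
        yield fourcc, data[payload_start:min(payload_end, end)], offset, size
        # RIFF chunks are word-aligned: an odd-sized payload is followed by one pad byte
        offset = payload_end + (size & 1)


def scan_chunks(data, offset, end, findings, state, depth=0):
    """Walk chunks in data[offset:end], recording findings; recurse into LIST chunks."""
    for fourcc, payload, hdr_off, declared in iter_riff_chunks(data, offset, end):
        if declared > len(payload):
            findings.append(
                f"chunk {fourcc!r} at offset {hdr_off} declares {declared} bytes "
                f"but only {len(payload)} are present"
            )
        if fourcc == b"anih":
            state["anih"] += 1
            if declared != ANIH_STRUCT_SIZE:
                findings.append(
                    f"anih chunk #{state['anih']} at offset {hdr_off} declares "
                    f"{declared} bytes, expected {ANIH_STRUCT_SIZE}"
                )
        elif fourcc == b"LIST" and depth < 4:
            # LIST payload = 4-byte list type (e.g. 'fram') followed by nested chunks
            scan_chunks(data, hdr_off + 12, hdr_off + 8 + len(payload), findings, state, depth + 1)


def check_ani(data):
    """Return a list of findings for an ANI file; an empty list means nothing looked wrong."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON (animated cursor) file"]
    riff_size = struct.unpack_from("<I", data, 4)[0]
    end = min(8 + riff_size, len(data))
    findings = []
    state = {"anih": 0}
    scan_chunks(data, 12, end, findings, state)
    if state["anih"] == 0:
        findings.append("no anih chunk")
    return findings


# ---- constructed sample files (not real malware) ----

def riff_chunk(fourcc, payload):
    """Serialise one RIFF chunk, including the word-alignment pad byte."""
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def ani_file(*chunks):
    """Wrap chunks in a RIFF/ACON container."""
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# A well-formed 36-byte ANIHEADER: cbSize=36, 1 frame, 1 step, cx=cy=0,
# 0 bits, 0 planes, JifRate=10, flags=1 (frames are icon data).
GOOD_HEADER = struct.pack("<9I", 36, 1, 1, 0, 0, 0, 0, 10, 1)

BENIGN = ani_file(riff_chunk(b"anih", GOOD_HEADER))

# Shaped like the cursors that exploited the flaw: a valid first anih chunk
# followed by a second one whose declared size exceeds the structure.
# The oversize payload is inert filler here.
SUSPICIOUS = ani_file(riff_chunk(b"anih", GOOD_HEADER), riff_chunk(b"anih", b"A" * 80))

# Same trick, but with the oversized anih hidden inside a LIST/fram chunk.
NESTED = ani_file(
    riff_chunk(b"anih", GOOD_HEADER),
    riff_chunk(b"LIST", b"fram" + riff_chunk(b"anih", b"B" * 64)),
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS), ("nested", NESTED)):
        print(name, check_ani(sample) or "clean")
```

The check is deliberately strict: a cursor whose anih chunk is not exactly 36 bytes has no legitimate reason to exist, so a proxy or mail gateway can drop it outright rather than trying to decide whether the extra bytes are harmful. Note that the flaw is in user32.dll rather than the browser, so anything that renders a cursor from untrusted input (web pages, HTML mail, Explorer previews) is a delivery path, which is why filtering at the network edge was worthwhile for unpatched hosts.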

News source: eWeek


boogerjones said,
Let's see the ******* get through NoScript and ABP. Then I'll start to worry.

Just wondering, how does NoScript stop an animated cursor from displaying and a bogus animated cursor from being a remote program loader, since it's not being loaded with scripting?

Reminds me of the time there was a Trojan in one of the ads here on Neowin. I contacted a group of admins, and when no one responded I made a forum post asking what the deal was, and was subsequently banned. Now, I'm not bitter or anything (hey, I'm still here!) but this kind of thing happens more often than people think.

Everyone knows that Tom's Hardware is REALLY bad. Who cares?

Hopefully it'll put people off visiting it!

By the way, use vLite when you have Vista 'Ultimate' to install, because Vista runs really well without most of the new features installed; stuff like Defender, indexing, and the like removed from the install image makes it a NICE OS. 2GB Vista image down to around 600MB for a fully needful-featured install :)

Have fun!

What's wrong with Windows Defender? It'll help cut down on the spread of malware dramatically alongside UAC, for those who know very little about computers and would've had a mess of malware on an unprotected XP system.

MajinDark said,
What's wrong with Windows Defender? It'll help cut down on the spread of malware dramatically alongside UAC, for those who know very little about computers and would've had a mess of malware on an unprotected XP system.

Personally I find Windows Defender to be a decent anti-malware program, and as you stated for people who are computer illiterate some protection is better than none at all. Hopefully it'll help curb the amount of infected computers in the next year or so.

Also glad to see UAC implemented too, though I've noticed that the majority of people that I've dealt with have become so used to it they allow anything that pops it up without taking a second glance at it. Oh well, can only do so much to protect some users from themselves...

Hello,

The vulnerability is actually in the USER32.DLL file, which is a core part of Microsoft Windows, not Internet Explorer. The Zeroday Emergency Response Team (ZERT) issued an advisory about it here along with their own patch, and there is a detailed analysis of the vulnerability here on their web site as well. If you are running Microsoft Windows 2000 or later, your computer should have downloaded the MS07-017 patch from Microsoft in April. If you are using an older version of Windows which is no longer supported by Microsoft then you could try installing one (or both) of the third-party patches created by eEye and ZERT.

Anti-virus programs should be intercepting malware exploiting the vulnerability, so, if for some reason you cannot patch your system you should still be protected as long as your security software is up-to-date.

Regards,

Aryeh Goretsky

So, do you run Microsoft Baseline Security Analyzer very often? Sometimes it pays to verify that the automatic updating thing works.

Working in retail, I always have customers complaining about things like this and then blaming Microsoft... But they NEVER have Windows update turned on.
TOP 5 REASONS FOR HAVING WINDOWS UPDATES TURNED OFF:

5 - I don't have broadband...
Then you'll just have to be patient and wait for the files to download. (Note - broadband is cheap and relatively common in my area of the world)

4 - It clutters up my computer and makes it slower.
Umm... No.

3 - It causes more problems than it fixes.
"That's what my elite computer-knowing friend tells me."

2 - I have Norton Antivirus.
Yes that's right, Norton replaces the need for Windows update...

1 - Microsoft will steal my information.
Microsoft cares that you look up porn. They need to know which dirty sites to add to the MSN collective.

mrmckeb said,
Working in retail, I always have customers complaining about things like this and then blaming Microsoft... But they NEVER have Windows update turned on.
TOP 5 REASONS FOR HAVING WINDOWS UPDATES TURNED OFF:

5 - I don't have broadband...
Then you'll just have to be patient and wait for the files to download. (Note - broadband is cheap and relatively common in my area of the world)

4 - It clutters up my computer and makes it slower.
Umm... No.

3 - It causes more problems than it fixes.
"That's what my elite computer-knowing friend tells me."

2 - I have Norton Antivirus.
Yes that's right, Norton replaces the need for Windows update...

1 - Microsoft will steal my information.
Microsoft cares that you look up porn. They need to know which dirty sites to add to the MSN collective.


My reasons?
You're talking about Automatic Updates, not Windows Updates. Get your names straight.
Windows Update is a website. Automatic updates is a service built into Windows 2000 and newer.

Also, some people don't want IE 7, so they don't run with Automatic Updates enabled. You can blame Microsoft for pushing IE7 so aggressively before you start blaming people for being stupid or whatever the point of your post was.

Croquant said,
My reasons?
You're talking about Automatic Updates, not Windows Updates. Get your names straight.
Windows Update is a website. Automatic updates is a service built into Windows 2000 and newer.

Also, some people don't want IE 7, so they don't run with Automatic Updates enabled. You can blame Microsoft for pushing IE7 so aggressively before you start blaming people for being stupid or whatever the point of your post was.

- In Vista, the program/feature is called Windows Update, or Microsoft Update if you want your Office to be updated too...
- Microsoft released a patch so that users not wanting IE7 can stop it from downloading automatically.

As much of the world uses IE and because IE7 was a big improvement in web security, I don't blame them for 'pushing' it upon users. I would rather it be pushed upon my grandmother than for her to not select it as an optional update and have some sort of security problem (and a lessened browser experience) as a result of her computer illiteracy.

And yes, my point was that anyone STILL being affected by the ANI flaw only has themselves to blame. If a cure for balding men was discovered and I ignored it and then went bald, whose fault is that? (Hint: The answer isn't Microsoft) :P

^^ PRICELESS :P

Great play on words and stereotypes.

Yes... It's great to know that the particular vulnerability is found only on Windows-based computers, but I still don't like it when people think Mac OS X, Linux/Unix and other POSIX operating systems are completely invulnerable. They aren't, and soon enough there will be a big situation like the .ANI cursor vulnerability to prove it, although it's more likely an update will be applied sooner rather than later. (Microsoft knew of the issue for some time, as I recall, and neglected to patch it.)