RE: ANI Exploits in Spam
From: James C. Slora, Jr. (james.slora_at_phra.com)
Date: 03/29/05
- Previous message: Britton, Jeff B.: "RE: ANI Exploits in Spam"
- Maybe in reply to: James C. Slora, Jr.: "ANI Exploits in Spam"
- Next in thread: James C Slora Jr: "RE: ANI Exploits in Spam"
- Reply: James C Slora Jr: "RE: ANI Exploits in Spam"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Mar 2005 11:25:08 -0500 To: <incidents@securityfocus.com>
Britton, Jeff B. wrote Tuesday, March 29, 2005 11:00 AM
> I notice the same trend. ANI files seem to be coming from:
> (some name).sitemynet.com\*.ani
> If possible, I would block sitemynet.com (212.101.97.230).
Keep in mind this is only mildly and temporarily effective. Sites and
file names can and probably will change without warning. The ANI files
download sdbot from a totally different address which will also likely
change.
Better blocking might involve screening cursor styles out of email,
reading messages in Plain Text, and ensuring machines are patched for
MS05-002. ANR and ANI exploits are in the wild on the web, used by
adware installers and other miscreants. So the patch is the most
important of all.
- Previous message: Britton, Jeff B.: "RE: ANI Exploits in Spam"
- Maybe in reply to: James C. Slora, Jr.: "ANI Exploits in Spam"
- Next in thread: James C Slora Jr: "RE: ANI Exploits in Spam"
- Reply: James C Slora Jr: "RE: ANI Exploits in Spam"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
