In this section

• Home
• Press office
• News archive
• Articles
• 2007
• 04

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

2 April 2007

Animated cursor worm proactively stopped by Sophos Microsoft to release out-of-cycle patch against zero day vulnerability

The critical vulnerability in Microsoft's software has been exploited by an in-the-wild worm

Sophos, a world leader in IT security and control, has proactively protected users against a new worm which exploits a zero day vulnerability in the way that Microsoft Windows handles animated cursors (.ANI files).

The worm, which Sophos proactively detects using Behavioral Genotype® Protection as Mal/Behav-010 without requiring an update, infects executable and HTML files.

Sophos's Behavioral Genotype Protection has been developed by the experts at SophosLabs™, Sophos's global network of research and development centers. Unlike competing products, which monitor running code and intercept suspicious behavior once it has occurred, Sophos's HIPS technology completely prevents malware from executing, identifying it at the gateway, on fileservers and at the endpoint. The malicious code is intercepted before it can cause any harm.

Microsoft has announced that it plans to issue an out-of-cycle security update on Tuesday 3 April to address the critical vulnerability in its code.

"Normally Microsoft releases security patches on the second Tuesday of the month. Clearly the danger that the ANI vulnerability represents has encouraged them to release a patch as quickly as possible, which is good news for vulnerable internet users," said Graham Cluley, senior technology consultant for Sophos. "The fact that a worm has been seen in-the-wild exploiting the Microsoft security bug has raised the stakes over the weekend. Proactive protection has ensured that Sophos customers are not at risk from this viral attack."

Microsoft has published an advisory on its website which discusses the vulnerability.

• Read the security advisory from Microsoft: "Vulnerability in Windows Animated Cursor Handling"

Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• Malicious animated cursors exploit unpatched Microsoft vulnerability
• Sophos technology stops unknown malware threats before they execute
• Sophos beats Symantec and McAfee in zero-day threat test