Sophos has suggested Web users to repair their PCs against a flaw in the way Microsoft Windows deals with animated cursors (ANI), as hackers seem to misuse the problem by making use of pictures of pop star Britney Spears. Truly speaking, I was also victimized by the malicious emails, so beware. The spammed emails are so malicious that on being clicked, they land the online users to hacked PHP websites promising candid pictures of the disturbed singer. PHP, a scripting language utilized by loads of websites, has gone through critical security flaws in the past.
The first campaign started on March 30 with just a link to a Russian website. The site is consisted with a script that indicated a zero-day exploit of Microsoft’s ANI flaw. At this phase the emails did not have any graphics, rather miss spelt the phrase “britney spears naked” in the subject line in order to steer clear of detection.
From the time, the hackers’ invasion has developed. In the past few days email messages with subject lines like “Hot pictures of Britiney Speers” have been disseminated. These emails included an implanted image of the poorly clad pop star which connected to a nasty website to set off the animated cursor exploit.
