News

Attacks on Windows Flaw Rise

Hackers stepped up attacks Friday on computers running some versions of Windows

(Seattle) Hackers stepped up attacks Friday on computers running some versions of Windows, a day after Microsoft disclosed a hole related to the mouse cursor. Microsoft Corp. sent out a security advisory Thursday warning customers that a vulnerability in ".ani" files -- used to change the cursor into an hourglass while a program works, or into a dancing animal or other animation on specially designed Web sites -- was allowing hackers to break into computers and install malicious software.

"Overnight we did see the attacks change from limited and targeted attacks to slightly more, but do still categorize it as a limited attack," said Mark Miller, director of the software maker's security response group.

The so-called zero-day attack, a vulnerability that is discovered before Microsoft has a chance to fix the problem, is aimed at PCs running Windows Vista, the new operating system that the company has touted as its most secure. The hole has also been found on Windows 2000 Service Pack 4, Windows XP Service Pack 2 and some versions of Windows Server 2003.

Once hackers have access to a computer, they can install any number of nasty programs -- ones that steal passwords or record keystrokes, which the hackers could then sell to identity thieves.

Microsoft first learned of the vulnerability in December, and has been working on a patch since, Miller said. He did not say whether it would be distributed on its own or as part of a scheduled update.

On Wednesday, security software vendor McAfee Inc. saw a post on a Chinese message board indicating hackers were planning to exploit the hole, which set Microsoft's security advisory in motion.

"It is important to note that while we do think Vista is the most secure operating system released, no software is 100 percent secure," Miller said.

Computer users could end up with a malicious program on their PC after a Web browsing session and not know it, said Craig Schmugar, a virus researcher for McAfee Avert Labs, the research arm of McAfee.

So far, he said, attacks have been limited to Web surfing with Internet Explorer versions 6 or 7. Firefox, the open-source browser from Mozilla, does not yet seem vulnerable. While Microsoft urged people to be extremely cautious with e-mail, security companies said they have not seen any instances of attacks via e-mail.

While it's hard to tell what hackers will do once they have access to a computer, a group of Chinese hackers may be plotting to steal login information for the wildly popular multi-player video game, World of Warcraft. People who buy the stolen login information can profit by selling items inside the game world, said Ken Dunham, director of the rapid response team at iDefense, the research division of VeriSign Inc.

Dunham said his team learned of the plan on a Chinese hacker message board.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.