Microsoft: Attacks on Windows Flaw Rise
Hackers stepped up attacks Friday on computers running some versions of Windows, a day after Microsoft disclosed a hole related to the mouse cursor.
Microsoft Corp. sent out a security advisory Thursday warning customers that a vulnerability in ".ani" files -- used to change the cursor into an hourglass while a program works, or into a dancing animal or other animation on specially designed Web sites -- was allowing hackers to break into computers and install malicious software.
"Overnight we did see the attacks change from limited and targeted attacks to slightly more, but do still categorize it as a limited attack," said Mark Miller, director of the software maker's security response group.
The so-called zero-day attack, a vulnerability that is discovered before Microsoft has a chance to fix the problem, is aimed at PCs running Windows Vista, the new operating system that the company has touted as its most secure. The hole has also been found on Windows 2000 Service Pack 4, Windows XP Service Pack 2 and some versions of Windows Server 2003.
Once hackers have access to a computer, they can install any number of nasty programs -- ones that steal passwords or record keystrokes, which the hackers could then sell to identity thieves.
Microsoft first learned of the vulnerability in December, and has been working on a patch since, Miller said. He did not say whether it would be distributed on its own or as part of a scheduled update.
On Wednesday, security software vendor McAfee Inc. saw a post on a Chinese message board indicating hackers were planning to exploit the hole, which set Microsoft's security advisory in motion.
"It is important to note that while we do think Vista is the most secure operating system released, no software is 100 percent secure," Miller said.
Computer users could end up with a malicious program on their PC after a Web browsing session and not know it, said Craig Schmugar, a virus researcher for McAfee Avert Labs, the research arm of McAfee.
So far, he said, attacks have been limited to Web surfing with Internet Explorer versions 6 or 7. Firefox, the open-source browser from Mozilla, does not yet seem vulnerable. While Microsoft urged people to be extremely cautious with e-mail, security companies said they have not seen any instances of attacks via e-mail.
While it's hard to tell what hackers will do once they have access to a computer, a group of Chinese hackers may be plotting to steal login information for the wildly popular multi-player video game, World of Warcraft. People who buy the stolen login information can profit by selling items inside the game world, said Ken Dunham, director of the rapid response team at iDefense, the research division of VeriSign Inc.
Dunham said his team learned of the plan on a Chinese hacker message board.