ANI exploits

I’ve seen ANI alerts on my IPS units regarding three sites:

http://www.cursors-4u.com
http://www.htmate.com
http://www.htmate2.com
http://www.cute-spot.com
202.108.43.155 <-- can’t get a domain for this one. The file name that triggered the alert is: /mapabcsina/ime/images/curpic/drag.ani

htmate.com and htmate2.com are geared towards MySpace sites, which is pretty clever. It’s funny to see how hideous the sites are. Reminds me of my first website, which had tons of animated GIFs everywhere and the obligatory “welcome to my corner of the Internet.” LOL

At any rate, you might consider blocking access to these sites if you have no other means of protection.

For more information about this topic