Archive for April 2nd, 2007

Security Advisory - HTML e-mails, links and visiting infected websites. Monday, April 2nd, 2007

Beware of: HTML e-mails and “must see” hyperlinks

Read Why…

The Windows zero-day bug now being used by attackers is extremely dangerous, security researchers said Friday, and ranks with the Windows Metafile vulnerability of more than a year ago on the potential damage meter.

“This is a good exploit,” Roger Thompson, CTO of Exploit Prevention Labs, said in an instant message exchange. “It’s very dangerous. One of the reasons is that there’s no crash involved…it’s instantaneous. And all it takes is visiting a site.”

Read more: http://www.pcworld.com/article/id,130287-c,windowsbugs/article.html

A write-up from a security research company:

The most potent attack method is by embedding a malicious .ANI file within an HTML web page. Doing so allows the vulnerability to be exploited with minimal user interaction by simply coaxing a user to follow a hyperlink and visit a malicious web site. Other exploit vectors exist including Microsoft Office applications since they also rely on the same .ANI processing code, making e-mail delivery also a potent threat by using Microsoft Office attachments.

Source: http://research.eeye.com/html/alerts/zeroday/20070328.html

To lock down your computer, Microsoft recommends you turn off images in your e-mail client.

Microsoft Advisory Link: http://www.microsoft.com/technet/security/advisory/935423.mspx

How to:

Outlook 2003
Click on Tools
Select Options
Click the E-mail Options (it’s a button on the right hand side)
Tick Read all Standard Mail in Text.

Outlook 2007
Click on Tools
Click on Trust Center > Email Security
Tick Read all Standard Mail in Text.

Outlook Express
Click on Tools
Select Options
Click the Read tab
Check the box labelled Read all messages in plain text.

Windows Mail (Windows Vista)
Go to Tools > Options > Security
Under Download Images > Tick Block Images….
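
What the plain-text and image-blocking settings above change, as an added example (not from the advisory or from Microsoft): it shows the text a plain-text view would display and lists the URLs an HTML renderer would have loaded automatically, which is the route an embedded file takes to reach the vulnerable code. The names Audit and plain_text_view and the sample message are assumptions made for illustration; this models the effect, not Outlook's own conversion.

```python
# Added example, not from the advisory. The sample message below is constructed.
import re
from email import message_from_string
from html.parser import HTMLParser

class Audit(HTMLParser):
    """Collects visible text, click-only links, and URLs loaded on render."""
    def __init__(self):
        super().__init__()
        self.text, self.fetches, self.links = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])  # only followed if the user clicks
        # src/background attributes and inline CSS url() load with no click
        self.fetches += [a[k] for k in ("src", "background") if a.get(k)]
        self.fetches += re.findall(r"url\(\s*['\"]?([^'\")\s]+)", a.get("style") or "")
    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def plain_text_view(raw):
    """Return (text_shown, auto_load_urls, links); text prefers the text/plain
    part and falls back to tag-stripped HTML when there is none."""
    plain, audit = None, Audit()
    for part in message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue  # containers and attachments are never rendered here
        data = part.get_payload(decode=True)
        body = data.decode(part.get_content_charset("utf-8"), "replace")
        if ctype == "text/html":
            audit.feed(body)
        elif plain is None:
            plain = body.strip()
    return plain or " ".join(audit.text), audit.fetches, audit.links

SAMPLE = """\
Subject: must see
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

You must see this: http://example.test/page
--b1
Content-Type: text/html; charset="utf-8"

<body style="background:url('http://example.test/bg.gif')"><img src="http://example.test/pixel.gif">
<p>You must see <a href="http://example.test/page">this</a></p></body>
--b1--"""
```
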

Just be vigilant until Microsoft releases a patch for this vulnerability.

Update: For the latest on this issue:
http://news.google.co.uk/nwshp?oe=UTF-8&tab=wn&ned=uk&ncl=1114970232&hl=en