ANI Worm on the loose

Written by Editor
Sunday, 01 April 2007 12:42

There have been reports of a worm on the loose that exploits the recently discovered ANI vulnerability in Windows. The Chinese Internet Security Response Team has reported the worm's existence after receiving reports of it, and F-Secure has confirmed it too, having received a small number of reports. The worm appears to behave similarly to ‘Worm.Win32.Fujacks’: it infects various files that can contain HTML, inserting links to a malicious ANI file that contains an exploit for the ANI handling vulnerability.

It is too early to tell whether this will become widespread. The worm was released over the weekend, which is usually a quiet time for worms, so we’ll see whether it becomes a little more widespread on Monday. The variants seen so far are being detected by some anti-virus products, however, and it seems the author is already updating the worm to avoid detection. Some of the download sites the author uses to store the virus executables are also being closed down pretty quickly, so this could turn out to be nothing more than a faint blip in the grand scheme of things. You can see more detail in the analysis by the Chinese Internet Security Response Team.













