TROJ_ANICMOO.AX
Overview

Malware type: Trojan

Aliases: Trojan.Anicmoo (Symantec), Troj/Animoo-O (Sophos), Exploit.Win32.IMG-ANI.ac (Kaspersky), EXP/Ani.Intended.Gen (Avira), CVE-2007-1765 (not disinfectable) (F-Prot)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000, XP, Server 2003, Vista

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Low

Description: 

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram shown below.

TROJ_ANICMOO.AX Behavior Diagram

Malware Overview

This Trojan may arrive on a system as a specially crafted animated cursor (.ANI) file downloaded from the Internet by unsuspecting users. It may be downloaded onto a system via a specially crafted HTML email message.

It takes advantage of a vulnerability in the way Windows handles animated cursor files (.ANI). More information regarding this vulnerability can be found on the following Microsoft Web page:

It uses this vulnerability to download and execute files from several URLs. One of the downloaded files is detected by Trend Micro as TROJ_SMALL.DRF. As a result, the routines of the downloaded Trojan may also be exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar. 29, 2007 1:46:40 AM GMT -0800
