Vista drive-by-download, courtesy of Sophos

Jun 1, 2007 15:32 GMT  ·  By

Almost two months after Microsoft bulletproofed Windows Vista against malformed animated cursors, the .ANI file format handling vulnerability is still being exploited in the wild. Web-based attacks carry a high level of risk because the exploits do not depend on user interaction. To become infected, all a user has to do is navigate to a malformed webpage. This type of attack is known as a drive-by download, and Windows Vista is as susceptible as the next operating system to being compromised. According to SophosLabs, the number of websites hosting malicious code has increased significantly, and although Vista was made available to the general public just four months ago, it is already being targeted.

"The start point of the infection chain in this case is a single page containing embedded iframe tags. Using embedded iframes is a useful technique to silently load additional web content when browsing a page (useful both legitimately and maliciously). As is typical with malicious attacks, the size of the embedded frame is set to either zero or very small (
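The SophosLabs description above (embedded iframes sized to zero or very small) translates directly into a check a defender can run over a page's HTML. The following Python code is an added example, not code from the article or from Sophos; the 2-pixel threshold, the function names and the constructed sample page with placeholder `example.invalid` URLs are assumptions.

```python
from html.parser import HTMLParser
import re

MAX_PX = 2  # assumption: frames at or below this size count as "very small"

# Constructed sample page; example.invalid is a placeholder host.
SAMPLE_PAGE = """<html><body>
<iframe src="http://example.invalid/a" width="0" height="0"></iframe>
<iframe src="http://example.invalid/b" style="width:1px; height:1px"></iframe>
<iframe src="http://example.invalid/c" style="display:none"></iframe>
<iframe src="/video/player" width="640" height="360"></iframe>
</body></html>"""

def _px(value):
    """Return the pixel count for '0', '1px', '0.5px'; None for '100%' etc."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(?:px)?\s*", value or "", re.I)
    return float(m.group(1)) if m else None

def _style(value):
    """Parse an inline style attribute into a {property: value} dict."""
    pairs = (d.split(":", 1) for d in (value or "").split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

class HiddenIframeFinder(HTMLParser):
    """Collects (src, reason) for iframes a visitor would not see."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = dict(attrs)
        css = _style(a.get("style"))
        src = a.get("src") or ""
        if css.get("display") == "none" or css.get("visibility") == "hidden":
            self.findings.append((src, "hidden by CSS"))
            return
        # Inline CSS takes precedence over the width/height attributes.
        w = _px(css.get("width", a.get("width")))
        h = _px(css.get("height", a.get("height")))
        if any(d is not None and d <= MAX_PX for d in (w, h)):
            self.findings.append((src, "zero or very small size"))

def find_hidden_iframes(html):
    """Return a list of (src, reason) for every suspicious iframe in html."""
    finder = HiddenIframeFinder()
    finder.feed(html)
    return finder.findings
```

This inspects static markup only: frames written into the page by script at load time, or hidden through an external stylesheet, will not appear in its findings. Invisible iframes also have legitimate uses, as the quote notes, so a hit is a reason to look at the `src`, not a verdict.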

Figure: Illustration of the infection mechanism