Just last March, TROJ_ANICMOO.AX made a name for itself by exploiting a vulnerability in the way Windows handles animated cursors. In the form of a malicious .ANI file, this Trojan is known to download other malware from certain URLs. Now, two months after its discovery, TROJ_ANICMOO.AX is still around, being hosted by malicious websites such as this one.
This particular site has been disabled by its hosting company because of the malware that it contains, among them TROJ_ANICMOO.AX. Aside from this malware, two more Trojans can be downloaded from this site: TSPY_LDPINCH.AHY (which is reputed to be a password stealer) and TROJ_AGENT.RZR.
Sites hosting malware are becoming the mainstream vector for malware distribution. Users are advised not to visit untrusted sites. As a security measure, users can search for the URL on Google first instead of accessing it directly. The search result (like the one illustrated above) will most likely give you a heads-up if the site hosts malicious content.