The ANI exploit and CounterSpy and Ninja

This exploit is something of concern. 

Some updates:

CounterSpy: CounterSpy detects the ANI exploit as “Trojan-Exploit.Anicmoo.ax (v)” in definition set 526.  Incidentally, VirusTotal coverage as of 1:30 CET today here.

Ninja: Since email is a potential attack vector, securing that area is of some importance.  The full version of our Ninja Email Security product includes two AV engines — Authentium and BitDefender.  However, many customers only run the antispam portion of Ninja.  So while the BitDefender AV engine in Ninja does detect these malformed .ani files, this will only be useful to customers if they’re using Ninja’s AV functionality.

However, Ninja does include intelligent attachment filtering, which looks past the extensions of many file formats to see what type of file is actually being sent.  So we just posted an updated set of SMART definitions for anyone using Ninja 2.1.xxx which will allow you to create an attachment filtering rule to block .ani files regardless of what they have been named. In this way, even if you’re not using Ninja’s AV functionality, you can still block these files from getting to your users.

Alex Eckelberry
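
The content-based attachment filtering described above can be illustrated with a short added example; it is not code from this post or from Ninja, and it does not reproduce the SMART definitions. It assumes only the public animated-cursor layout (a RIFF container whose form type is `ACON`); the function names and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage


def is_ani(data: bytes) -> bool:
    """True if the bytes are a RIFF container whose form type is ACON."""
    # Layout: "RIFF" | 4-byte little-endian size | 4-byte form type
    if len(data) < 12 or data[:4] != b"RIFF":
        return False
    return data[8:12] == b"ACON"


def ani_attachments(raw_message: bytes) -> list[str]:
    """Names of MIME parts whose decoded content is an animated cursor,
    whatever filename or Content-Type the sender declared."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding
        payload = part.get_payload(decode=True) or b""
        if is_ani(payload):
            hits.append(part.get_filename() or "(unnamed part)")
    return hits


def sample_message() -> bytes:
    """Constructed test message: a bare RIFF/ACON header sent as
    'holiday.jpg', plus an unrelated attachment."""
    ani_like = b"RIFF" + struct.pack("<I", 4) + b"ACON"
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attached.")
    msg.add_attachment(ani_like, maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(ani_attachments(sample_message()))
```

Other RIFF formats such as WAV and AVI share the first four bytes, which is why the check keys on the form type at offset 8 rather than on `RIFF` alone.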
