This exploit is something of concern.
Some updates:
CounterSpy: CounterSpy detects the Ani exploit as “Trojan-Exploit.Anicmoo.ax (v)” in definition set 526. Incidentally, VirusTotal coverage as of 1:30 CET today here.
Ninja: Since email is a potential attack vector, securing that area is important. The full version of our Ninja Email Security product includes two AV engines — Authentium and BitDefender. However, many customers only run the antispam portion of Ninja. So while the BitDefender AV engine in Ninja does detect these malformed .ani files, this will only be useful to customers if they’re using Ninja’s AV functionality.
However, Ninja does include intelligent attachment filtering, which looks past the extensions of many file formats to see what type of file is actualy bein sent. So we just posted an updated set of SMART definitions for anyone using Ninja 2.1.xxx which will allow you to create an attachment filtering rule to block .ani files regardless of what they have been named. In this way even if you’re not using Ninja’s AV functionality you can still block these files from getting to your users.
Alex Eckelberry