Monday, April 2, 2007

Thoughts on the Windows Animated Cursor Exploit

The big news in computer security land is the latest animated mouse cursor problem. It's been getting a lot of press in the computer world, and has resulted in the Internet Storm Center (http://isc.sans.org) raising their 'threat level' to yellow.

This exploit can be triggered by a link in email, or by going to an infected web page. And it can result in letting the hacker execute programs on your computer.

Now, that's not a good thing. But my current thinking, which I haven't seen disproved, is that my protection against such an exploit can be mitigated by safe computing practices, including current anti-virus protection.

Here are my thoughts.

Assuming that I have current AV running (happens to be McAfee VirusScan), if I visit an ani-evil site, the ani-exploit might work. But wouldn't the subsequent actions of the ani-exploit be sensed and blocked by my AV?

For example, if the ani-evil site attempted to download and run a keystroke logger, wouldn't that action of trying to download (or even load) the keystroke logger program get caught by my current AV?

My point is that the zero-day action may not be caught, but the subsequent actions of downloading/executing malware *would* be caught by a current AV-protected system, with a good firewall.

And in all the hysteria about this exploit, I am not convinced that the exploit, while real, will cause a 'safe computing person' like me any problems.
