Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Latest Windows Exploit Spreads, ZERT Issues Fix

Microsoft said it is working overtime to fix a flaw in Windows that a security company noted on Monday could soon be used by as many as 600 malicious Web sites.

Multiple versions of exploit code for the vulnerability in the "WebViewFolderIcon" ActiveX control -- also dubbed the "setslice" bug by some security organizations -- has been spotted on the Web, said the SANS Institute's Internet Storm Center Monday. ISC raised its Internet threat status warning to "Yellow" on Friday to account for the spreading code.

"The exploit is widely known, easy to recreate, and used on more and more websites," the ISC alert read. "The risk of getting hit is increasing significantly and the type of users of the exploit are also not the least dangerous ones. Some of the exploits are believed to be linked to CWS (CoolWebSearch), which is notoriously hard to remove." (CoolWebSearch is an adware package that tracks users movements on the Web that one anti-spyware vendor warns to "handle with care!")

San Diego-based Websense has spotted the new exploit being used on a few of the sites collectively known as "IFRAME Cash," the term taken from iframecash.biz that describes affiliates which push unpatched exploits to a large number of other Web sites.

"The fact that they are using the exploit code poses a significant risk due because their ability to attract users to sites via search engines and e-mail spam campaigns," Websense warned. "We have more than 600 active sites that have IFRAME cash-placed code on them. This does not mean that all sites have the recent zero-day code but it does mean that they potential to because they mostly point back to main 'hub servers,'" the alert continued.

  • 1