
Latest Windows Exploit Spreads, ZERT Issues Fix

The ActiveX-based exploit is widely known, easy to re-create, and used on an increasing number of sites, according to one security alert.

Microsoft said it is working overtime to fix a flaw in Windows that a security company noted on Monday could soon be used by as many as 600 malicious Web sites.

Multiple versions of exploit code for the vulnerability in the "WebViewFolderIcon" ActiveX control -- also dubbed the "setslice" bug by some security organizations -- have been spotted on the Web, said the SANS Institute's Internet Storm Center Monday. ISC raised its Internet threat status warning to "Yellow" on Friday to account for the spreading code.

"The exploit is widely known, easy to recreate, and used on more and more websites," the ISC alert read. "The risk of getting hit is increasing significantly and the type of users of the exploit are also not the least dangerous ones. Some of the exploits are believed to be linked to CWS (CoolWebSearch), which is notoriously hard to remove." (CoolWebSearch is an adware package that tracks users' movements on the Web, and one anti-spyware vendor warns to "handle with care!")

San Diego-based Websense has spotted the new exploit being used on a few of the sites collectively known as "IFRAME Cash," the term taken from that describes affiliates which push unpatched exploits to a large number of other Web sites.

"The fact that they are using the exploit code poses a significant risk because of their ability to attract users to sites via search engines and e-mail spam campaigns," Websense warned. "We have more than 600 active sites that have IFRAME cash-placed code on them. This does not mean that all sites have the recent zero-day code but it does mean that they have the potential to because they mostly point back to main 'hub servers,'" the alert continued.

Other researchers also sounded the alarm bell. "[These people] like to hack into completely innocent sites, and install an IFRAME, thus turning them into unwitting lures," wrote Roger Thompson, chief technology officer at Exploit Prevention Labs, in a blog entry. "And they like to find bulletin boards that are open enough for them to insert their IFRAME."

Microsoft said it was pushing for a patch. "We are working overtime to help get all of you more secure," said Lennart Wistrand, a program manager at the company's Security Response Center (MSRC), in an entry written late Friday.

Although the Redmond, Wash. developer has not issued a fix -- it's shooting for Oct. 10 -- the independent Zeroday Emergency Response Team (ZERT) has produced an unsanctioned patch that should stymie attacks. ZERT, which first popped into the news Sept. 22 when it beat Microsoft to the VML fix punch by 4 days, has updated its ZProtector framework to account for the new vulnerability. The fix can be downloaded from here.
