Latest Windows Exploit Spreads, ZERT Issues Fix - InformationWeek
02:32 PM

Latest Windows Exploit Spreads, ZERT Issues Fix

The ActiveX-based exploit is widely known, easy to re-create, and used on an increasing number of sites, according to one security alert.

Microsoft said it is working overtime to fix a flaw in Windows that a security company noted on Monday could soon be used by as many as 600 malicious Web sites.

Multiple versions of exploit code for the vulnerability in the "WebViewFolderIcon" ActiveX control -- also dubbed the "setslice" bug by some security organizations -- has been spotted on the Web, said the SANS Institute's Internet Storm Center Monday. ISC raised its Internet threat status warning to "Yellow" on Friday to account for the spreading code.

"The exploit is widely known, easy to recreate, and used on more and more websites," the ISC alert read. "The risk of getting hit is increasing significantly and the type of users of the exploit are also not the least dangerous ones. Some of the exploits are believed to be linked to CWS (CoolWebSearch), which is notoriously hard to remove." (CoolWebSearch is an adware package that tracks users movements on the Web that one anti-spyware vendor warns to "handle with care!")

San Diego-based Websense has spotted the new exploit being used on a few of the sites collectively known as "IFRAME Cash," the term taken from that describes affiliates which push unpatched exploits to a large number of other Web sites.

"The fact that they are using the exploit code poses a significant risk due because their ability to attract users to sites via search engines and e-mail spam campaigns," Websense warned. "We have more than 600 active sites that have IFRAME cash-placed code on them. This does not mean that all sites have the recent zero-day code but it does mean that they potential to because they mostly point back to main 'hub servers,'" the alert continued.

Other researchers also sounded the alarm bell. "[These people] like to hack into completely innocent sites, and install an IFRAME, thus turning them into unwitting lures," wrote Roger Thompson, chief technology officer at Exploit Prevention Labs, in a blog entry. "And they like to find bulletin boards that are open enough for them to insert their IFRAME."

Microsoft said it was pushing for a patch. "We are working overtime to help get all of you more secure," said Lennart Wistrand, a program manager at the company's Security Response Center (MSRC), in an entry written late Friday.

Although the Redmond, Wash. developer has not issued a fix -- it's shooting for Oct. 10 -- the independent Zeroday Emergency Response Team (ZERT) has produced an unsanctioned patch that should stymie attacks. ZERT, which first popped into the news Sept. 22 when it beat Microsoft to the VML fix punch by 4 days, has updated its ZProtector framework to account for the new vulnerability. The fix can be downloaded from here.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll