Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News

      Crime Ring Targets IE Setslice Flaw

      Written by

      Ryan Naraine
      Published October 9, 2006
      Share
      Facebook
      Twitter
      Linkedin

        eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

        In-the-wild exploits against the latest unpatched Windows vulnerability have started circulating, using Internet Explorer as the attack vector to load identity theft Trojans and rootkits on infected machines.

        The exploits target a Windows Shell vulnerability that was first released during the Month of Browser Bugs project in July. The project was kicked off by security researcher HD Moore (famous for creating the open-source penetration testing tool Metasploit).

        The exploits are being launched by a known cyber-crime organization operating out of Russia, according to virus hunters tracking the threat.

        Microsoft has released an advisory with prepatch workarounds. Executives have said an official update is on tap for delivery Oct. 10.

        The attack uses IE to trigger an integer overflow error in the “setSlice()” method in the “WebViewFolderIcon” ActiveX control. Microsoft recommends that IE users disable attempts to instantiate the ActiveX control by setting the kill bit for the control in the registry.

        According to Exploit Prevention Labs, a company that provides zero-day protection tools, two online groups of criminals are hacking into legitimate Web sites and message boards and quietly planting a malicious HTML tag called an iFrame on the sites.

        When a Web surfer visits one of the maliciously rigged sites, his or her browser is redirected to an exploit server operated by the gang. The gang then attempts to deposit up to eight exploits onto the users computer.

        “These guys have a huge network of lures drawing traffic in from legitimate search engines,” said Roger Thompson, chief technology officer at Exploit Prevention Labs, in Atlanta.

        The iFrame exploit technique has spawned a lucrative business for underground hackers. The groups use an affiliate model that offers cash for Web site owners who use the iFrame code. In one known case, at iFrameDollars.biz, the so-called affiliate program pays 55 cents per install or $55 for 1,000 unique installs of a 3KB program that “changes the homepage and installs toolbar and dialer,” according to the Web sites Terms page.

        The escalation of the latest attacks, which come just a week after the Sept. 18-19 VML (Vector Markup Language) exploits that also targeted IE users began, has prompted the release of another batch of third-party fixes from security researchers.

        Determina, in Redwood City, Calif., has shipped a run-time fix for the vulnerability. It can be applied to Windows 2000, Windows XP and Windows 2003 systems. The fix patches the vulnerable code in memory without modifying any files on disk.

        The nonprofit ZERT (Zeroday Emergency Response Team) has endorsed the Determina patch. The group has also released Zprotector, a patch that automates Microsofts recommended mitigation for Windows users.

        Inside the setSlice flaw

        * First discovered and reported in July as part of HD Moores Month of Browser Bugs project

        * The vulnerability is exposed by the WebViewFolderIcon ActiveX control (Web View) in Windows

        * Malicious sites hosted in Russia are targeting IE users with drive-by exploits that load spyware, Trojans, bots and rootkits without any user action

        Ryan Naraine
        Ryan Naraine

        Get the Free Newsletter!

        Subscribe to Daily Tech Insider for top news, trends & analysis

        Get the Free Newsletter!

        Subscribe to Daily Tech Insider for top news, trends & analysis

        MOST POPULAR ARTICLES

        Artificial Intelligence

        9 Best AI 3D Generators You Need...

        Sam Rinko - June 25, 2024 0
        AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
        Read more
        Cloud

        RingCentral Expands Its Collaboration Platform

        Zeus Kerravala - November 22, 2023 0
        RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
        Read more
        Artificial Intelligence

        8 Best AI Data Analytics Software &...

        Aminu Abdullahi - January 18, 2024 0
        Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
        Read more
        Latest News

        Zeus Kerravala on Networking: Multicloud, 5G, and...

        James Maguire - December 16, 2022 0
        I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
        Read more
        Video

        Datadog President Amit Agarwal on Trends in...

        James Maguire - November 11, 2022 0
        I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
        Read more
        Logo

        eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

        Facebook
        Linkedin
        RSS
        Twitter
        Youtube

        Advertisers

        Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

        Advertise with Us

        Menu

        • About eWeek
        • Subscribe to our Newsletter
        • Latest News

        Our Brands

        • Privacy Policy
        • Terms
        • About
        • Contact
        • Advertise
        • Sitemap
        • California – Do Not Sell My Information

        Property of TechnologyAdvice.
        © 2024 TechnologyAdvice. All Rights Reserved

        Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

        ×