Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

New ‘SetSlice’ Flaw in IE

Criminal bands began aiming at an un-patched security hole in Internet Explorer browsers, recently. Consequently, the 'SANS Institute's Internet Storm Center' notified its 'Internet danger warning' level to "yellow" during the weekend.

The exploit, called "In the Wild", set against the newest un-patched Windows flaw has started spreading. It is using Internet Explorer as the attack probe to install 'identity theft' trojans and 'rootkits' on compromised PCs.

Security researcher H.D. Moore's 'proof-of-concept-code' demonstrates how a virus in the "setslice( )" method in IE's "WebViewFolderIcon" Active X control can help to run malicious code on a compromised system.

The basic cause of the problem is an 'integer overflow' in a central Windows component called COMCTL32.DLL, that is utilized by many programs. As said by Determina's Alex Sotirov, the 'WebViewFolderIcon Active X control' might be only one attack probes for this susceptibility from many more.

This Windows virus can be manipulated to load spyware on PCs just by visiting a malicious site on Internet Explorer or opening a specially designed e-mail. Although Microsoft has declaration that users running "Windows Server 2003" and "Windows Server 2003 Service Pack 1" as default configurations along with the 'Enhanced Security Configuration' would not be affected.

The increase in attacks using "setslice()" method are different from VML attacks that used some other Internet Explorer flaw, said security experts. The emergency patch for that flaw was issued by Microsoft.

Microsoft recommends IE users to discard instantiating the Active X control by turning on the 'kill bit' in the registry for CLSIDs {844F4806-E8A8-11d2-9652-00C04FC30871} and {E5DF9D10-3B52-11D1-83E8-00A0C90DC849}. It also asks to keep anti-virus update and look for Microsoft patch. In addition, SANS urged administrators to ask their users to not use IE for a while.

Some other tips include upgrading IE to IE 7 version, which is unaffected by these kinds of bugs. It is not safe to open unexpected attachments. If an e-mail appears doubtful, it is better to confirm about the file sent by the sender. And all e-mail attachments should be scanned with anti-virus software before opening or downloading them.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 07-10-2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next