Alerts
BOOKMARK THIS ALERT
digg
|
del.icio.us
|
reddit
newsvine
|
furl
|
technorati
WebView FolderIcon setSlice Vulnerability
Date:09.30.2006
Threat Type: Malicious Web Site / Malicious Code
Websense Security Labs (TM) has received several reports of the recently released " WebView FolderIcon setSlice" Internet Explorer zero-day code being utilized on the Internet. Like the recently reported VML zero-day, there are professionals at work using the exploit code.
To date all the sites we have discovered appear to be from the IFRAME Cash folks. This is the same group that we discovered using the WMF exploit back in late December 2005. The fact that they are using the exploit code poses a significant risk due because their ability to attract users to sites via search engines and email spam campaigns. Also they have iframe's embedded on. As of the time of this alert we have more than 600 active sites that have IFRAME cash placed code on them. This does not mean that all sites have the recent zero-day code but it does mean that they potential to because they mostly point back to main "hub servers".
Although in some cases the IFRAME Cash sites are used to download and install Potentially Unwanted Software (PUS), they also have installed Trojan Horses which open backdoors, code which is designed to steal end-user information, and sophisticated rootkits.
Websense security customers are protected against the sites that are using the IFRAME links and distributing the latest zero-day code and we are mining the web for additional sites / groups we may be utilizing the vulnerability.
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=387
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=76
http://www.websense.com/securitylabs/alerts/alert.php?AlertID=385