September 30, 2006 4:27 PM PDT

Cybercrooks add Windows flaw to arsenal

Attackers have added another, yet-to-be-patched Windows flaw to their arsenal, experts warned Saturday.

Cybercrooks have started exploiting a flaw in the Windows Shell only days after sample attack code for the vulnerability surfaced. Web sites that exploit the vulnerability are popping up and attempting to load malicious software onto vulnerable Windows PCs in a way that is undetectable to users, experts said.

"There are professionals at work using the exploit code," security firm Websense said in an alert. The miscreants taking advantage of the flaw appear to be part of the same group that in December used another Windows flaw to hoist spyware onto PCs, Websense said. That flaw stemmed from the way Windows handled Windows Metafile, or WMF, images.

Microsoft warned of the Windows Shell flaw on Thursday. The flaw affects Windows 2000, Windows XP and Windows Server 2003, and could be exploited via the Internet Explorer Web browser through a component called WebViewFolderIcon, the company said. Windows Shell is the part of the operating system that presents the user interface.

"The fact that they are using the exploit code poses a significant risk" in particular, because these sophisticated attackers are known to attract users to their sites via search engines and e-mail spam campaigns, Websense said.

The CoolWebSearch gang has also adopted the new flaw as a way to compromise systems, said Roger Thompson, chief technology officer at security software maker Exploit Prevention Labs. "It's not the end of the world or anything but it's an interesting escalation," he said.

CoolWebSearch is notorious for installing spyware and other malicious programs onto people's PCs. The group lures people to their sites via links in other search engines as well as by persuading Web masters to adopt their search engine, promising a lot of site visitors.

The Windows Shell flaw was found almost two months ago, but sample attack code became available only recently. Microsoft plans to issue a fix for the problem on Oct. 10, its regularly scheduled patch day, it said in a security advisory on Thursday.

Windows users can protect themselves by following the guidance Microsoft gives in its advisory, switching to a non-Microsoft Web browser, or installing security software such as Exploit Prevention Labs' SocketShield.

Also, a group of security professionals, calling itself the Zeroday Emergency Response Team, or ZERT, is working on a third-party fix that should be available before Microsoft's official patch, Thompson said.

Meanwhile, there are several other security vulnerabilities in Microsoft products waiting to be fixed. Some of these flaws are already being used in cyberattacks, though not as widely as the Windows Shell flaw or another Windows bug for which Microsoft rushed out a fix on Tuesday, according to security experts.

29 comments
Windows Sigh
by georgiarat September 30, 2006 5:28 PM PDT
Still using Windows?

You get what you deserve.....

And how much money is being saved in your organization by
dealing with this issue? How much have you spent in the last
three years? Guess the cheaper hardware makes up for it.
NOT!!!

Of Course, it does provide a lot of employment for IT
professionals to repair and keep the Windows systems running.
MS waits till Oct. 10 to issue fix..!!!!
by imacpwr October 1, 2006 3:12 AM PDT
WAIT..???? They are WAITING...?!?!

And this is the company that wants to be the sole provider of your
computer's security..!!!

Are Windows users really that naive..???

Put your hand up if you're surprised!
by grandmasterdibbler October 1, 2006 4:53 AM PDT
Because you really shouldn't be.
Simple Fix: make malicious hacking a DEATH PENALTY.
by kamwmail-cnet1 October 1, 2006 4:10 PM PDT
And one will be amazed at how fast this will stop after the first dozen executions or so.

It will also have the added benefit of removing the scum from the gene pool, preferably before they spawned.
Prove it
by boyd087 October 1, 2006 7:10 PM PDT
Show me proof of companies that have saved money and resources by switching from Windows to Mac OSX. And yes, people DO want the standard software that runs on Windows. I work on a college campus. We have free CDs full of free software that we give to students (as well as a download site) and even though there is a free Open Source Office Suite on there and others we can suggest, they still spend the money on Micro$oft Office because they already know how to use it and it does everything they expect it to. People hate change and the last thing they want to do is learn how to use new technology. They want it all done for them. They want their machine to work with the devices they already have like printers, scanners, etc. Sorry, but networks are still easier to manage with Windows, even if some security is sacrificed. If that weren't the case, I'm sure almost every company in the US would be switching to open source right now. Do you think IT people everywhere are TRYING to take people's/companies' money or rip them off? That's ridiculous and you know it. Our IT department is given a budget just like most other departments and the better we utilize that money, the easier our jobs are and the happier people are and the better we look and the more job security we have. Guess what works for us right now? I'll give you a hint, it's NOT Linux or Mac OSX.

Don't get me wrong, Linux is a great OS. It's my OS of choice for running web servers, SQL, etc. I'm not as crazy about Mac OSX and I think its security is overrated, but just because these Operating Systems are better than Windows in some aspects doesn't mean that they have the answer for everything.
The Answer!
by iwarp62 October 2, 2006 4:19 PM PDT
And what does Microsoft recommend??

"switching to a non-Microsoft Web browser"

AMEN
%&$#`* Microsoft
by wbenton October 3, 2006 8:41 AM PDT
The Windows Shell flaw was found almost two months ago.

Exploit Code is OUT for a few days already.

Today is Oct 3rd, 2006.

BUT

Microsoft still wants to wait until Oct 10, 2006?

We're way past when will Microsoft ever learn as this clearly shows that they WILL NEVER LEARN!!!

Walt
Looking for blacklists
by Seaspray0 October 3, 2006 8:54 AM PDT
I'd like to find a good blacklist of all these websites that repeatedly attempt to exploit holes to install their garbage on computers. Perhaps Cnet will be willing to do a story on this, since they seem to mention these "miscreants" often.