The SANS Institute\u2019s Internet Storm Center set its Internet danger warning level to "yellow" over the weekend as criminal gangs began targeting Internet Explorer browsers with an unpatched security hole.Last week, security researcher H.D. Moore released proof-of-concept code demonstrating how a bug in the "setslice()" method in IE\u2019s "WebViewFolderIcon" ActiveX control could be used to execute malicious code on a user\u2019s system. Moore originally publicized the flaw in July, but at the time he disclosed only that it could be used to shut down the browser.Over the weekend, two separate criminal groups began hacking into websites and message boards and rigging them to deploy code from remote servers that exploits the bug. The exploit servers attempt to plant several pieces of malicious code on users\u2019 systems, including a program called CoolWebSearch that is notoriously difficult to remove, according to SANS.SANS urged system administrators to take action as soon as possible. "The exploit is widely known, easy to re-create and is used on more and more websites," the group said in an advisory. "The risk of getting hit is increasing significantly."Microsoft said it is aware of the problem, and recommended workarounds until a patch arrives on Oct. 10, as part of the company\u2019s regular patch cycle. Users should install killbits that disable the control, according to Microsoft and SANS. SANS also urged administrators to consider asking their users to stop using IE for the time being.Security company Determina issued a patch that fixes the problem, which has been endorsed by Zeroday Emergency Response Team, a nonprofit group made up of well-known security researchers.The root of the problem is with an integer overflow in a core Windows component called COMCTL32.DLL, which is used by many programs, researchers said. "The WebViewFolderIcon ActiveX control is most likely only one of the attack vectors for this vulnerability," said Determina\u2019s Alex Sotirov on the Full Disclosure mailing list.-Matthew Broersma, Techworld.com (London)Related Links:\n\nMicrosoft Still Working to Patch July Bugs\n\nCritical IE Bug Gets Early Fix from Microsoft\n\nMicrosoft Expects to Release Only 3 Patches in Sept.Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.