IE ZeroDay Lures Discovered

Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites. These e-mail messages contain excerpts from actual BBC news stories and offer a link to "Read More". Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail.

This website exploits the unpatched createTextRange vulnerability and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker. WebsenseŽ - Security Labs Alert: IE Zero-Day Lures Discovered

Linked by shanmuga Thursday, 30th March 2006 11:50PM