Websense� - Security Labs Alert: IE Zero-Day Lures Discovered

Websense� - Security Labs Alert: IE Zero-Day Lures Discovered: "Microsoft has posted additional information regarding this vulnerability in Security Advisory (917077): http://www.microsoft.com/technet/security/advisory/917077.mspx.

Attackers have begun spamming e-mail lures in an attempt to attract users to infected websites. These e-mail messages contain excerpts from actual BBC news stories and offer a link to 'Read More'. Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail. This website exploits the unpatched createTextRange vulnerability and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker."