"It seems that the hackers are getting bolder," said Joe Stewart, senior security researcher at consultants LURHQ. "Traditionally it has been much more low-key, but I guess that wasn't good enough for them."
Once infected the user's computer will be attacked by a combination of viruses, trojan horses and spam.
The Bofra worm appeared only four days after the Internet Explorer flaw was reported. It affects all Windows platforms except those using Service Park 2 (SP2) - an update that is yet to be installed on thousands of computers due to its incompatibility with some software.
Banner based exploits first appeared earlier this year. An adware Trojan known as Virtumode makes popups appear that are related to whatever the user has been searching for on a browser. As Stewart wrote in his description of the exploit, a user visiting a page with keywords related to travel would suddenly find relevant adware appearing on their computer.
But Stewart claimed that users shouldn't be overly concerned. "This isn't going to spread that quickly. It doesn't travel in the right way to be huge menace. We aren't going to see another Sasser or Blaster," he said.