Hackers are using the IE flaw to infect users and turn machines in zombie computers. An alert issued by researchers at Websense Security Labs warned users that attackers have begun sending spam in an attempt to attract users to infected websites.
These emails contain excerpts from actual BBC news stories and offer a link to "Read More." Users who follow this link are taken to a website that is a spoofed copy of the BBC news story from the e-mail.
This website exploits the unpatched createTextRange vulnerability in Internet Explorer and is currently being used to download and install a keylogger. This keylogger monitors activity on various financial websites and uploads captured information back to the attacker.
