I.E. Zero-day update

Date:03.26.2006

Threat Type: Malicious Code / Malicious Website

This is an update on our previous alert (http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=449) regarding the latest unpatched Internet Explorer vulnerability. To date we have discovered more than 200 unique URL's that are using the vulnerability to run exploit code. The most common is the use of shellcode to run a Trojan Horse downloader that downloads additional payload code over HTTP. The additional payload has been various forms of BOT's, Spyware, Backdoors, and other Trojan Downloader's.

Our honeyclients are actively scanning for sites that are using this vulnerability to run code without user-interaction.