Microsoft patched a security hole in Internet Explorer on Black Tuesday last week (MS09-002). As expected, the first public exploits for the vulnerability have appeared, trying to install malware on the computers of unsuspecting users.
A link is being spread in spam mails with a Word document attached that opens a Chinese website, which in turn tries to exploit the vulnerability on unpatched systems. The vulnerability can also be exploited via drive-by download, but we have not yet seen this attack vector being used.
Avira detects the exploit site as being infected with HTML/Rce.Gen and warns the user, so users of Avira products are currently safe from the attack. Even so, now is the time to patch your computers with the available update. Make sure all your computers are up to date!