Hi malware fighters,

In China various websites have been found that abuses the recently patched IE hole to infect users with Vundo spyware by just visiting the websites with their IE7 browser. Therefore users of IE are strongly advided to immediately install mentioned patch: http://www.microsoft.com/technet/security/bulletin/MS09-002.mspx

Read: http://pandalabs.pandasecurity.com/archive/MS09_2D00_002-Exploit-in-the-wild.aspx

Even if one uses the Firefox browser with NoScript installed all users of Windows are strongly advised to update the IE browser on their OS completely and install all patches for that browser, because it still forms an integral part of their Operational System, and using IE with limited rights (normal user rights and not full admin rights) will considerably diminish the damage for 92% of malware on the Operational System,

polonus

Well it is wise to keep your OS fully updated and not just because of this particular incident and the black hats will always be trying to exploit known vulnerabilities. A security update is a huge flag, with ‘exploit this vulnerability’ written on it, before people get round to updating and closing it.

Interestingly that KB is only for IE7 so those tardy updaters or those that don’t want IE7 aren’t effected by this update.