Malware sites exploit IE flaw

Websites are using the vulnerability to install software without the end user's consent

Security firm WebSense is warning of a number of websites hosting malware that exploits an unpatched Internet Explorer flaw.

Visiting one of the malicious websites with an unpatched version of Internet Explorer is enough to compromise the user's workstation, according to WebSense.

The websites discovered so far are using the vulnerability to install potentially unwanted software without the end user's consent.

In an example supplied by WebSense a fully-patched XP workstation was immediately infected after visiting a malicious website.

The user's desktop background is replaced with a message warning of a spyware infection, and a 'spyware cleaning' application is launched. This prompts the user to enter credit card information in order to remove the detected spyware.

The malicious code that is installed also connects to a website hosted in the .biz domain and downloads and runs more than 10 additional programs.

This site also hosts more than 10 different files with exploit code to run software on a user's machine without consent. The infected site appears to have been compromised and is hosted in the US.

The Internet Explorer vulnerability was first acknowledged by Microsoft on 21 November in a security advisory. The flaw allows hackers to embed malware in a website and then load it onto a visiting machine using an 'onLoad event'.

Microsoft suggests no practical workarounds and will issue a patch at some point in the future, but would not say when.

• The wise man's guide to Christmas shopping
• Win a trip to Las Vegas!