Inclusion of the exploit in a malware toolkit known as 'WebAttacker' has made it easier to implement, according to Schmugar.
"[WebAttacker] is known for making it easier for someone with less skill to use this toolkit to install their payload," he said.
"Tools have been posted to be able to plug in a URL and build an exploit that downloads and executes the file of choice."
Reports surfaced last Wednesday of an unpatched vulnerability in Internet Explorer's Vector Markup Language that could allow attackers to take control of a system.
The vulnerability was first exploited through a group of adult websites hosted in Russia.
Over the weekend an existing data phishing operation started using the VML exploit in an effort to steal log-in data for financial websites, Roger Thompson, chief technology officer at Exploit Prevention Labs, told vnunet.com.
The group sends out weekly spam emails informing recipients that they have received a digital card through Yahoo Greetings.
While users eventually arrive at the Yahoo website, they are first taken past an exploit server that infects their system with a Trojan.
The Trojan is designed to collect all information used in online forms, allowing the attackers to collect log-in details for banking websites and online payment services such as PayPal.
The attackers have been active for four to five months. Prior to exploiting the VML vulnerability, they targeted a critical security hole in the Microsoft Data Access Components in Windows that was repaired in April.
Even when the group was targeting the patched vulnerability, the attackers harvested 200MB of data every week, according to Thompson's research.
He predicted that the group will ensnare even more victims now that it has started exploiting the unpatched VML exploit.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software