Web monitoring firm Websense reported that a Swedish-hosted website has been engineered with malware built in that exploits a flaw in unpatched versions of Internet Explorer. The flaw allows hackers to gain complete control of PCs visiting the infected site.
"At this time, malicious websites have been observed to exploit this vulnerability by downloading and running code on the end user's machine," said the company in a statement.
"We expect to see additional exploits of MS05-038 in the near future, as it is very new and allows privileged access to the machine."
The website containing the code purports to be advertising pharmaceutical products and its URL has been spammed out to millions of inboxes. Owing to a small flaw in the malware, visitors to the site will also suffer a browser crash.
This is the second Microsoft patch to be cracked in less than a week. Exploit code for another patch appeared on Friday and by Monday had been used in a worm that is hitting Windows 2000 systems particularly hard.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches