Security firm WebSense is warning of a number of websites hosting malware that exploits an unpatched Internet Explorer flaw.
Visiting one of the malicious websites with an unpatched version of Internet Explorer is enough to compromise the user's workstation, according to WebSense.
The websites discovered so far are using the vulnerability to install potentially unwanted software without the end user's consent.
In an example supplied by WebSense a fully-patched XP workstation was immediately infected after visiting a malicious website.
The user's desktop background is replaced with a message warning of a spyware infection, and a 'spyware cleaning' application is launched. This prompts the user to enter credit card information in order to remove the detected spyware.
The malicious code that is installed also connects to a website hosted in the .biz domain and downloads and runs more than 10 additional programs.
This site also hosts more than 10 different files with exploit code to run software on a user's machine without consent. The infected site appears to have been compromised and is hosted in the US.
The Internet Explorer vulnerability was first acknowledged by Microsoft on 21 November in a security advisory. The flaw allows hackers to embed malware in a website and then load it onto a visiting machine using an 'onLoad event'.
Microsoft suggests no practical workarounds and will issue a patch at some point in the future, but would not say when.
Latest Tesla news: Tesla share price continues to fall after Saudi Arabia's sovereign wealth fund is linked to investment in rival
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
RTX 280 Ti will come with 11GB of fast GDDR6 video RAM with a 352-bit memory bus offering 616Gbps
The scale of jobs lost to automation will be at least as large as those in the first three industrial revolutions
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC