New zero-day Internet Explorer 6/7 vulnerability allows trojan to slip through

This potentially serious security issue was revealed last week by Microsoft, which noted that it concerned an unpatched and actively exploited invalid reference pointer vulnerability in the Internet Explorer web browser code.

According to Panda Security, its research team observed that the trojan steals data from the user's PC, and it is advising internet users to switch to an alternative browser such as Mozilla Firefox or Opera, or to upgrade to Internet Explorer 8.

The potential scale of the problem is shown by a video that Panda has posted.

And it seems that other security research teams have been doing their homework on what appears to be a Metasploit issue: Computerworld has reported that an Israeli researcher, Moshe Ben Abu, used a clue from a McAfee blog posting to essentially reverse engineer an in-the-wild exploit and create a working set of code.

Computerworld's Gregg Keizer cited Ben Abu as saying that the exploit "worked on fully-patched PCs running Windows Vista Service Pack 2 (SP2) and IE7, as well as machines running Windows XP SP3 and IE6 or IE7."

What's interesting about the exploit, however, is that Ben Abu says that the code only executes completely between 60% and 75% of the time, suggesting that other variables are at play.

This perhaps explains, Infosecurity notes, why Microsoft did not immediately issue a full patch for the problem, but the software giant has promised a code remediation in the next Patch Tuesday batch of updates.
