Yesterday, Microsoft issued a security advisory for an unpatched and actively exploited invalid reference pointer vulnerability in the Internet Explorer 6 and 7 web browsers. In the attack we observed, the exploit code will load the TDSS.CQ trojan, which is designed to steal personal and sensitive data. Only versions 6 and 7 of Internet Explorer are vulnerable, but you can take additional steps to avoid it by using an alternative browser such as, Firefox, Opera, or by upgrading to Internet Explorer 8.
I went ahead and put together a little video to show you all how the exploit works:
Note: Originally posted on the PandaLabs blog.
