Microsoft issued a critical security warning on Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.
The risk is believed to be widespread, given that IE7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.
The AZN Trojan, which has been making the rounds since the first week of December, has the potential to infect users' system with a Trojan horse, or 'downloaders' that can download other forms of malware onto a user's system.
Microsoft announced it will release a security patch on Wednesday via its automatic update system to patch users' computers.
Users can potentially get infected in two ways, Marcus said. One is to visit a malicious website that already has the malware installed on the site; the other is to visit a legitimate site in which the attacker has inserted the malicious script to run in the background, leaving visitors unaware their systems have been compromised.
"A lot of websites are pushing out this exploit," Marcus noted. Infected sites include websites that offer free wallpaper for mobile phones, sites that feature property, and product-related sites.
Microsoft is encouraging users to update their systems once the patch is released on Wednesday at 10am PDT (6pm GMT).
The risk is believed to be widespread, given that IE7 is the latest version of Microsoft's browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.
The AZN Trojan, which has been making the rounds since the first week of December, has the potential to infect users' system with a Trojan horse, or 'downloaders' that can download other forms of malware onto a user's system.
Microsoft announced it will release a security patch on Wednesday via its automatic update system to patch users' computers.
Users can potentially get infected in two ways, Marcus said. One is to visit a malicious website that already has the malware installed on the site; the other is to visit a legitimate site in which the attacker has inserted the malicious script to run in the background, leaving visitors unaware their systems have been compromised.
"A lot of websites are pushing out this exploit," Marcus noted. Infected sites include websites that offer free wallpaper for mobile phones, sites that feature property, and product-related sites.
Microsoft is encouraging users to update their systems once the patch is released on Wednesday at 10am PDT (6pm GMT).
