Fake BBC e-mails seek to exploit IE flaw
Attackers are spamming out these messages and hoping readers will click on a link to "read more." Those who do will be sent to a Web site that exploits the createTextRange flaw in Internet Explorer, dropping keyloggers onto victims' machines that can be used to steal bank account information.
That warning comes from San Diego-based Websense Inc., which offered details on its Web site, including a screen shot of an infected Web page.
"These e-mail messages contain excerpts from actual BBC news stories and offer a link to 'read more,'" Websense said. "Users who follow this link are taken to a Web site that is a spoofed copy of the BBC news story from the e-mail."
Read more...