Source: http://www.ecommercetimes.com/story/34842.html
Security experts had been waiting for a couple of weeks for the shoe to fall. On June 11, US-CERT, the government-funded computer-security watchdog at Carnegie Mellon University warned that a flaw in Microsoft Internet Explorer could allow a Web site to dump malicious programs onto Windows computers. The alert was highly unusual because CERT normally avoids public warnings about vulnerabilities until patches to fix them are available.
By Friday, June 25, it became clear why the experts were worried. Reports started flowing from security services that unsuspecting computer users were being hit by a program that could log their keystrokes, grab account information and passwords, and send them back to a computer in Russia. The initial assault was stopped over the weekend by shutting down the Russian site and updating antivirus software to deal with the program, known as either JS.scob.trojan or download.Ject. But the basic vulnerabilities remain, and a second wave of attacks seems likely.