Internet VulnerabilityThis Metasploit exploit is more intelligent and dangerous. It affects older versions of IE that have JavaScript enabled. The versions that are vulnerable are IE6 and IE7.

This exploit is for a very popular hacking technique called a drive-by attack. Victims are tricked into visiting Web sites that contain malicious code where they are then infected via the browser vulnerability. Criminals also place this type of code on hacked Web sites in order to spread their attacks.

“The Metasploit exploit that was released last night will be more reliable against certain attacks than the initial exploit,” said Ben Greenbaum, senior research manager with Symantec, in an interview Wednesday.

As of Wednesday morning, Symantec had not seen the exploit used in Internet-based attacks. You can count on cyber-criminals to utilize this exploit during the holiday online shopping season.

On Monday, Microsoft published a Security Advisory on the flaw, offering some workarounds for the issue.

Microsoft’s latest IE 8 browser is not affected by the bug, which has to do with the way that IE retrieves certain Cascading Style Sheet (CSS) objects, used to create a standardized layout on Web pages.

Concerned IE users can upgrade their browser or disable JavaScript in order to avoid an attack.

I highly recommend that you do not click on links in an email from anyone you do not know. If a link is shared on a social network, be careful before clicking on that link, you may be a victim of a drive-by attack.

Surf safe all!