grack.com

After reading the full-disclosure list for more ASP.NET vulnerability information, I came across a report of spyware installing on fully-patched XP SP2 IE instances.

The thread is here.  Basically, a site is forcing a CAB file down user’s throats without any sort notification.  If you want to try it out in VMWare or some other safe environment, jump to the URL http://www.themexp.org/about_wrap.php.

I can’t repeat it enough: Install Firefox today.