Web Graphics Exploit Marching Across Internet (Russian hack update)
Source: http://www.eweek.com/article2/0,1759,1617046,00.asp
When visitors to a few particular Web sites—including popular auction, shopping and price-comparison sites—request pages that include the malicious graphics, the code automatically downloads itself onto their machines. Once installed, the code unpacks itself and loads a keystroke logger on the PC.
NetSec officials said the attack seems to exploit a vulnerability in Internet Explorer.
The code then forces the machine to contact two IP addresses—one in Russia and one in the United States. The Russian site is hosted on a broadband connection and is part of a network known for spamming and other transgressions.