Internet Explorer: New IFRAME Vulnerability


BigBison
November 9th, 2004, 18:55
Already being exploited by a resurgence in the Bofra family of worms. Here are some articles at Sophos:

http://www.sophos.com/virusinfo/articles/howbofrawork.html
http://www.sophos.com/virusinfo/articles/bofra.html
http://www.sophos.com/virusinfo/articles/bofrab.html

Does anyone know if this IFRAME flaw is new, or is this issue only affecting unpatched IE? I don't have time to check this morning.

Jamie
November 9th, 2004, 19:01
Interesting... as far as I know it only affects unpatched IE, I seem to have heard things about this many many months ago as well. Don't take my word for it though, it is just gut instinct.

Pauly
November 9th, 2004, 19:03
Not sure but this adds to other reasons why not to use IFRAMES or IE :) Nasty piece of work, some people have way too much spare time.

Jamie
November 9th, 2004, 19:05
Bang on time... rant coming in the next few days... heavily against IE and for Opera. Quite a nice name as well... Internet Explorer's *Opera*tion

BigBison
November 9th, 2004, 19:23
So, this is a case of an old worm learning a new trick, which uses an old exploit. I think it means, "Don't use IE unless you're on XPSP2".

As to whether it means "don't use IFRAMES", no. The exploits are deliberate on the server side -- the worm attempts to entice the user to visit a malicious site. This won't affect other websites which use IFRAMES.

the_pm
November 9th, 2004, 19:26
No, but it's all the more reason to a) not use IE, b) disable IFrames or c) both ;)

Me? I'm going for both!

:grandpa:

(Just showing off a new smiley in your thread, don't mind me!)

Jamie
November 9th, 2004, 19:28
IFrames been disabled for many months. :)

Paul... no need for the self portrait. :lol:

Pauly
November 9th, 2004, 19:29
Me? I'm going for both!

Amen!

Dan
November 10th, 2004, 01:53
iFrames are fun in IE. I remember about two years ago I made one that opened the C:\ drive and told that it hacked a random PC, and you could delete that person's data.

I googled it a year later and it was on a few dozen sites. :P

Jamie
November 10th, 2004, 09:09
You naughty boy Dan. :lol: ;)