A suspected IE7 0day has surfaced on servers in China. Ryan Naraine posted information earlier this morning on the state of the patch and the exploit.
A couple of our ThreatFire users unfortunately visited the site, but fortunately they have been protected against multiple exploit attempts from that site. We are trying to trigger and analyze the 0day amongst the others, but it appears to be rather unreliable in exploiting a mshtml.dll vulnerability. The site attempts to attack multiple ActiveX control vulnerabilities, the ancient MS06-014 vuln, and several others. At the very least, the stash of trojans, rootkit components and password stealers delivered by it are prevented by ThreatFire.
Most of the malware appears to be gaming password related, and the 0day exploit implemented in javascript attempts to identify the OS your system is running and attacks WindowsXP or Windows 2003 accordingly.
Be sure to keep your Microsoft patches up-to-date, there should be more later today. A patch for the 0day flaw will follow.
