On Friday, Microsoft confirmed that a zero-day exploit had been found in Internet Explorer 8, the most-used version of the company's web browser. Now there's word that a number of websites have been attacked via this exploit and have been infected with malware as a result.
Last week, the security firm Invincea claimed the IE8 exploit was used by hackers in attacks directed against websites run by the U.S. Department of Labor and U.S. Department of Energy. Now another security company, AlienVault, has posted word on its blog that "at least 9 other websites were redirecting to the malicious server at the same time. The list of affected sites includes several non-profit groups and institutes as well as a big European company that plays on the aerospace, defense and security markets."
Microsoft has said that it is already working on a patch for IE8 that will close the vulnerability behind this exploit, but there's no word on when it will be released. In the meantime, users have been advised to upgrade to IE9 or IE10 if they can do so. The company has also offered some workarounds for people and companies who can't or won't stop using IE8.