Brian Krebs notes on Washingtonpost.com that there are 200 sites exploiting the createTextRange IE flaw. Microsoft recommends avoiding untrusted sites, but Krebs says you can’t trust that advice. Crackers have broken into normally trusted sites and installed traps that, through the flaw, install spyware and bots.
Essentially, you cannot trust ANY site when using Internet Explorer.
Krebs goes on to say
“Rather than download a “beta” (read: potentially unstable) version of IE or wait around for Microsoft to issue a fix, a far better idea would be to ditch IE altogether (or only use it only when absolutely necessary). I use Mozilla’s Firefox for everyday browsing, but your mileage may vary. There are other options, of course, such as Opera and Netscape, to name a couple.
What amazes me is how many Windows users seem to blindly equate Internet Explorer with access to the Internet — in much the same way that many America Online users are unsure whether they can use someone else’s browser once they’ve signed on to their account. Even after you tell people that they may have just been whacked with a virus due to a flaw in IE, they still use it.”
The Internet Storm Center is, again, on top of the situation.