Since miscreants stepped up attacks targeting a vulnerability on hundreds of thousands of WebPages, a rare emergency update has been issued by Microsoft for its Internet Explorer browser.

It has been learnt that in most of the cases, the websites distributing the toxic payloads are legitimate destinations, which have been commandeered, thus giving an allowance to the attacker to trap victims as they surf for online banks, forums, and other trusted sites. A research conducted at iDefense, a security lab owned by VeriSign, claims that there are at least six distinct versions of the attack code circulating in the wild.

A whopping 233,000 pages were shown via a web search to contain the string ardoshanghai.com/s. It was further learnt that key logging software was silently installed by most of the attacks as soon as a victim surfs a site carrying the exploit. The software, once installed, steals login credentials for online games.

Rick Howard, intelligence director of iDefense reported, “The vulnerability is so juicy that we expect it to show up in tool kits fairly shortly.”

Following eight days, when reports began circulating that websites were targeting vulnerability in fully patched versions of IE, the patch was released. It should be noted that this is the second time in 18 months that Microsoft has issued an unscheduled update. Usually, in order to allow the system administrators time for planning, the patches are available on the second Tuesday of each month.