An email making the rounds makes the innocent claim that “it is possible that your account password has been stolen”.
Expecting a phish?
Actually, no. The site serves a malicious script. Nevertheless, the exploits served are six to eight months old — CVE-2010–0886 (a Java exploit) and CVE-2010-1885 (a cross-site scripting method that exploits a vulnerability in Windows Help). Downloading the latest version of Java and insuring you’re up-to-date on Windows patches will protect against any attack.
Alex Eckelberry