There are a number of sites out there using a large number of different exploits to install malware on system.
For example, one site that masquerades as the Red Cross installs nasty malware using one of the following exploits:
MS03-11
MS04-013
MS05-002
MS05-054
MFSA2005-50 (Firefox vulnerability)
MS06-006
You can see a screen shot of the admin console with the success by exploit:
There are other similar consoles we ran across as well showing similar types of statistics.
This site claims exploit efficiency of 7%, a number that’s not trivial. Even unpatched Firefox are getting hit here.
Just a reminder that just because you use Firefox, you still need to keep updated with the latest patches. And as far as running IE, well, you know what you need to do.
More detailed stats are available here (pdf), from the same page.
Alex Eckelberry
(Thanks for the tip from some French friends)