Security researchers are warning that serveral thousand websites are taking advantage of a 'zero-day' vulnerability spotted in Internet Explorer, John Stokdyk, our technology editor reports.

According to IDG's Robert McMillan, the flaw in how Internet Explorer handles XML (Extensible Markup Language) was initially discussed on a Chinese language website more than a week ago. By the time Microsoft released its advisory notice, malicious code had been posted on a number of websites, which attempt to download a password-stealing Trojan horse virus to visiting browsers.

The vulnerability affects IE versions going back to 5.01 (service pack 4). While Explorer 8 Beta 2 on all supported versions of Windows "are potentially vulnerable", the company said: "At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7."

Chinese gamers appear to be the main target for the virus writers, but pornography sites are also reported to be among the 6,000 infected websites documented by Trend Micro and other security experts. Hackers have also started to create SQL injection attacks based around the vulnerability.

No patch is yet available for the vulnerability, but Microsoft has published details of workarounds in Security Advisory 961051 and the Microsoft Knowledge Base. Or you could try running an alternative browser such as Firefox or Google Chrome.