This is the response to the "Scob" virus, discovered last Thursday. (More description at Mudcat Spyware.) Scob attacks/infects servers and requires three separate vulnerabilities to be successful at the server level. Two of the three vulnerabilities were "patched" several months ago, but servers where the old patches were not applied could download the "applet" to users.

The junk that's downloaded to most users is technically not a virus - it's just a Java program script. The script connected to either of two sites to download a spyware program. Neither the applet that's embedded in a web page nor the spyware that's the end result is detected by ANY AV or AntiSpyware programs (as of yesterday) and cannot be removed by any of the common AntiSpyware programs, so it is "dangerous;" but thus far it was not widely distributed. The apparent purpose of the malware that was the end result was identity theft (keystroke logging), which of course can be a very real problem for anyone on whom it's successful.

The "fix" that was widely publicised in the news media, cited above, allows users to "turn off" one of the Java functions needed for execution of the "nasty stuff" that's the payload for this one.

There's a new one every week - and about three "copy cat" versions of each new one about a week later, so more of the same may be expected.

John