Sophos Cloud Optix
As previously predicted, copycat attacks attempting to exploit the IE zero day vulnerability (CVE-2010-0249) were inevitable.
Though numbers are still very low, over the past 24 hours or so we have seen a few sites serving up malicious code attempting exploit the vulnerability. Sophos products are blocking the content as Troj/ExpJS-N.
For the sites that are still active, the payloads are another Mal/PcClient variant being blocked as Mal/Generic-A, and a downloader Trojan being pro-actively detected as Mal/BredoPk-B.
SophosLabs will continue monitoring the situation, but as yesterday, stay alert for the patch which Microsoft have announced they will release ahead of the regular monthly cycle.