You will recall that last week security experts (man, what a cool job!) released evidence that there were certain vulnerabilities in IE and IIS 5.0 that could allow hackers to redirect browsers and download a keylogging trojan from a Russian website. We posted a story about a released fix, here.
Anyway, you will be interested I am sure to find out this security flaw is actually a feature that allows an ActiveX ADODB.Stream object to read and write files on a hard drive. Attackers used this "feature" to download copies of a keystroke logging trojan onto the unsuspecting browser user's computers.
In addition to the fix, there is also now a workaround in progress, and rest assured Microsoft is currently thinking up more "features" for us as we speak.