Exploiting a vulnerability found in October in how Internet Explorer and Windows XP Service Pack 2 handle help files called from Web pages, the Phel Trojan horse
can install programs to remotely control a victim's system. The code is currently being examined by Microsoft analysts.
"Microsoft is working to forensically analyze the malicious code in Phel and will work with law enforcement to identify and bring to justice those responsible for this malicious activity."
No patch is currently available, but one may well be in the works soon. Microsoft have certainly promised to provide a security update that patches against Phel
as soon as testing is complete.
All in all, 2004 was not a very good year for IE security. I've certainly lost count of the number of vulnerabilities that were found in IE and Windows this year which were used to create Trojans and worms. Going forward, the consumer will have to be assured more effective security in the Windows operating system and in the IE browser.