The drama surrounding the recently discovered IE flaws continues to unravel. Earlier in the week we heard about companies going so far as to create third-party patches, and now we have lure sites being created with legitimate content solely to exploit these vulnerabilities. Essentially a phishing tactic, emails are being sent with bits of a news article in them with the intent to get someone interesting enough to click a “Read More” link. While most enthusiasts usually know that clicking around in e-mail is a sure fire way to get yourself in a whole heap of sad, many people are being tricked and having keyloggers installed on their PCs as a result.
This is on top of the other methods of propagation we've seen, including real sites being outright compromised. The situation is getting worse, and may continue to get worse until Microsoft releases the official patch, due on April 11th.