It seems like 28% of you guys still use Internet Explorer (stats for my blog); a critical zero-day exploit for Internet Explorer was released today.
The exploit allows a remote attacker to take complete control of a Windows system if the victim visits a malicious website – not hard with pop unders, iframes, and spam.
There is proof of concept code at FrSIRT.
The group said IE users should immediately disable "Active Scripting via the Tools > Internet Options > Security tab > Custom Level feature.
You can also try an alternative browser such as Firefox.