Yesterday, Microsoft issued a security advisory for an unpatched and actively exploited invalid reference pointer vulnerability in the Internet Explorer 6 and 7 web browsers.  In the attack we observed, the exploit code will load the TDSS.CQ trojan, which is designed to steal personal and sensitive data.  Panda customers are already protected against the threat, but you can take additional steps to avoid it by using an alternative browser such as, Firefox, Opera, or by upgrading to Internet Explorer 8.

I went ahead and put together a little video to show you all how the exploit works: