""The exploit sites we've seen so far drop a wide variety of
malware--most commonly password stealers like new variants of game
password stealers like Win32/OnLineGames, and Win32/Lolyda;
keyloggers like Win32/Lmir; trojan horse applications like
Win32/Helpud along with some previously unseen malware which we
generically detect as Win32/SystemHijack," the Malware Protection
Center blog says. "We fully expect the variety of malware being
dropped by this exploit to broaden as the exploit code starts to
circulate around the Internet underground.""
"People visiting trusted sites could be affected as well from
sites targeted by SQL injection attacks through which malicious
code is injected into sites, Microsoft says."