Excerpt from the CNet article
In this case the malware, a toolkit called LuckySploit, exploits a known security hole in the browser, and installs the Trojan on the computer.
This is a quite misleading statement IMO because:
tries to exploit the same vulnerabilities other toolkits are trying to - Adobe Flash and PDF exploits
Source: Finjan report PDF
So far it's primarily an Adobe Flash exploit.
AFAIK Adobe fixed the security hole but it will take some time till every Windows user will update.
Edited 1 time(s). Last edit at 10/04/2009 01:25AM by Yogi.