[Salo]

Actually, IE has another related hole which makes it much easier: you can set up your own server www.goldeneagle.com, put your malware on it, send an email pointing to your server which will make it appear as www.microsoft.com in IE, put a link "emergency securty patch" to your malware, kick back and enjoy.

[Golden Eagle]

Actually, IE has another related hole which makes it much easier: you can set up your own server www.goldeneagle.com, put your malware on it, send an email pointing to your server which will make it appear as www.microsoft.com in IE, put a link "emergency securty patch" to your malware, kick back and enjoy.

Certainly possible, and hackers can never be underestimated (can't say that enough), but a single serverhost attack is never going to infect millions of systems, not unless it was hosted overseas at a server farm or something, but then you have latency issues and the ability to block the requests at the major ISPs. However those sorts of attacks could be the next wave, as these anti-American hackers are relentless in their pursuit of causing us harm.