The vulnerability discovered by researcher Tavis Ormandy on June 10, 2010 enables attackers to remotely implant malware on systems running Windows XP and Server 2003 by attracting users to booby-trapped sites.

As per the statement of Holly Stewart, a member of the Microsoft Malware Protection Center, published by The Register on June 30, 2010, after the discovery, the attacks became targeted and comparatively less in number, but in past ten days or so, they have abruptly soared.

According to Stewart, it appears that the rise in attacks is due to the randomly-generated, apparently automated html and php pages. He further explained that at the beginning of the attacks criminals are employing the attack code for downloading various malicious codes, like Trojans, viruses and software known as Obitel that simply downloads additional malware as well as downloads which involve single or double script redirects detected as TrojanDownloader:JS/Adodb.F and TrojanDownloader:JS/Adodb.G respectively by Microsoft.

However, over the period of time, the exploits have gathered several other Trojans, which Microsoft identifies as Win32/Tedroo.AB, Win32/Swrort.A, Win32/Neetro.A and Win32/Oficla.M among the others.

The US, Russia, Portugal, Germany and Brazil constitute the major targets in terms of number of attacks emanating from malicious webpages, said Microsoft, as per the news published by COMPUTERWORLD on June 30, 2010. These attacks are heavily concentrated in Portugal - higher than ten times the global average per computer. Russia follows at eight times the global rate.

Those users who are using the vulnerable Windows and have not yet employed countermeasures are strongly recommended by security experts to consider implementing the measures straightaway.

It is noteworthy that it not the Microsoft alone, security vendor Symantec also reported that they have recorded increased attackers' activity exploiting this vulnerability, which started somewhere around June 21, 2010 and attained a peak around June 26 and June 27.