This article at Wired News pointed me towards a page that fully describes the Download.Ject exploit discussed in the last two posts. The page in question is written by the usually conservative CERT organisation. In a change from their normal general “use a firewall, virus scanner and keep software patched” type advice, this vulnerability gives them cause for more alarm too prompting this recommendation:
Use a different web browser
There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).
CERT is a US government and public/private sector group that reports on security vulnerabilities; they don’t tend to make knee-jerk pronouncements, making this recommendation all the more compelling.