The team, which advises the US government and is a senior authority on Net weaknesses, said that flaws in the software expose users to criminals who can spy on their activities, steal their personal details or send junk e-mail from their computers without them knowing. It said internet users should consider dumping the Microsoft software - which comes as standard installed on PCs - and switching to another web browser, such as the free Mozilla or commercial Opera products.
VULNERABILITIES IN EXPLORER
• Pop-up ads can silently download software that will use your computer to send out spam or install "Trojans" that watch your typing.
• E-mails by "phishers" can grab bank details by using malicious internet addresses preceded by a real one. If you open it with IE, you will only be shown the first part of the address, with the rest hidden. Users may trust the address and give the criminals their details.
• Another "phishing" attack uses the "fake address" method above and puts a pop-up window with an image of a padlock on top of the window. This looks like a "secure" website. IE has no built-in means to block pop-up windows.
• Some pornography websites use IE to silently download software that changes the computer's internet settings to dial a premium-rate number.
• One pop-up ad installs software that monitors whether you visit any of 50 banking sites, including Barclays and Citibank. When you do, it monitors your keystrokes and sends them to a website in San Diego.
(via jimmy akin's blog)