Yes, you heard me correctly.
Describes an attack on IE where a file named img1big.gif installs and runs an IE Browser Helper Object that steals information before SSL transmission and sends copies to http://www.refestltd.com/cgi-bin/yes.pl
Visit the wrong website and IE is invisibly bugged. The thing that is scary is that the gif image is decompressed (UPX compression) and installed with a trojan dropper, then the data is sent using a very crude encryption algorythum. This is designed to beat filtering solutions designed to scan traffic for key words. If you do online banking, be sure to check this out.