Not sure if this was fixed with the latest update to IE or not ...
http://news.bbc.co.uk/2/hi/technology/4173218.stm
What made this bug so effective was its ability to grab text stored on the clipboard and by Internet Explorer, said Eric Sites, vice president of research and development at Sunbelt Software.Sunbelt believes the trojan has been circulating for about three weeks and in that time has probably infected thousands of victims.
The vulnerability it exploits means that all a user has to do to fall victim is to visit the wrong site.
"Type in a web link and your machine is infected," said Mr Sites. "You do not have to click on anything, the website forces the installation."
Many victims may have no idea that they have been infected.
"This version of the trojan was very successful," he said. "It was very small, hard to detect, the file had a very innocuous name and did not cause any problems to the machine.
...
The trojan was tricky to spot because the files being sent back to the server were disguised as data traffic generated by a user's browser.