Websites are specially crafted to exploit the text range vulnerability.
The websites are intended to exploit the vulnerability; a successful exploit runs shellcode that downloads an SDbot variant. The SDbot variant takes several actions, then connects to an IRC server to await further commands. In our testing, none of the detected sites successfully downloaded the SDbot variant. Our honeypot clients are currently scanning for malicious websites that are using this vulnerability and have detected sites using it. We are issuing Real Time Security Updates as we detect these sites.