UPDATE: THIS IS DEFINITELY MALICIOUS CODE!!!!!

I visited lukeisback.com using IE, expecting to see warnings like Bornyo, but didn't get any - just a meaningless pop-up. I then found that it had created the file:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta

.hta files are HTML Applications. This one downloads a file from http://www.outdoornewswire.com/iesploit/sysprog.exe and saves it as C:\calc.exe. Thankfully, I spotted this before I rebooted my system and gave it a chance to run.

The frightening thing is that I'm running a fully patched, up to date Win XP SP2. This appears to be an unpatched exploit in the wild.

I found a write-up on the vulnerability here. Looks like someone took this "proof of concept" and adapted it for malicious purposes.

Everyone, check your system for these:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta
C:\calc.exe

If they exist, DELETE THEM. Virus checkers might not pick up something so new.

I'm emailing Luke and outdoornewswire.com to let them know they're own3d.
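The check the post asks for, as an added example (not code from the original post): a sweep for the two files it names, run against a live C: drive or a disk image mounted elsewhere. It goes one step beyond the post by also listing any other .hta file in the same All Users Startup folder; the function names and the `root` parameter are hypothetical.

```python
import os
import tempfile

# Paths named in the post, relative to the root of the C: drive.
STARTUP_DIR = ["Documents and Settings", "All Users", "Start Menu", "Programs", "Startup"]
NAMED_FILES = [STARTUP_DIR + ["Microsoft Office.hta"], ["calc.exe"]]


def resolve_ci(root, parts):
    """Resolve parts under root, matching names case-insensitively (as Windows
    does, but a Linux-mounted image does not). Returns a path or None."""
    path = root
    for part in parts:
        try:
            names = os.listdir(path)
        except OSError:  # missing, unreadable, or not a directory
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        path = os.path.join(path, match)
    return path


def sweep(root):
    """Return sorted (reason, path) findings for the drive rooted at root."""
    findings = set()
    for parts in NAMED_FILES:
        hit = resolve_ci(root, parts)
        if hit and os.path.isfile(hit):
            findings.add(("named in post", hit))
    named = {p for _, p in findings}
    startup = resolve_ci(root, STARTUP_DIR)
    if startup and os.path.isdir(startup):
        for name in os.listdir(startup):
            full = os.path.join(startup, name)
            if name.lower().endswith(".hta") and full not in named:
                findings.add(("other .hta in Startup", full))
    return sorted(findings)


def demo():
    """Sweep a constructed directory tree (sample data, not a real system)."""
    with tempfile.TemporaryDirectory() as root:
        startup = os.path.join(root, "DOCUMENTS AND SETTINGS", "All Users", "Start Menu", "Programs", "Startup")
        os.makedirs(startup)
        for p in (os.path.join(startup, "microsoft office.hta"), os.path.join(startup, "other.hta"), os.path.join(root, "CALC.EXE")):
            open(p, "w").close()
        return [(why, os.path.relpath(p, root)) for why, p in sweep(root)]
```

Call `sweep("C:\\")` on the machine itself, or pass the mount point of an image; an empty list means neither named file nor any Startup .hta was found.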