Cybercriminals have stepped up their attacks on the world’s most used Web browser, Microsoft’s Internet Explorer.

Based on its own tracking of the attacks since the vulnerability went public, roughly 0.2% of users worldwide may have been exposed to Web sites containing exploits of this latest vulnerability.

That percentage may seem low, but it still means that a huge number of users have been affected. The trend for now is going upwards: an increase of over 50% in the number of reports Monday compared to Sunday.

The unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6.

In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports — IE5.01, IE6 and IE7 — as well as IE8 Beta 2, a preview version that the company doesn’t support through normal channels.

Users running any of those browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said.

How are the attackers managing to affect more users now? First, some legitimate web sites were maliciously modified to include the exploits.

For example a popular search engine in Taiwan was found to be hosting the exploit. Luckily, that site was quickly cleaned. Secondly, some pornography sites have started hosting these exploits as well. Among them, a Web site in Hong Kong that serves various content including adult entertainment. Users who hoped to watch that content, became target of those attacks.

Microsoft security keeps their advisory updated with possible workarounds. Read carefully, see what applies to you and in the meantime, you should always exercise caution when browsing and try to go to sites that you trust.

Today, a Danish security researcher added that Microsoft’s original countermeasure advice was insufficient and recommended that users take one of the new steps the company spelled out.

In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports — IE5.01, IE6 and IE7 — as well as IE8 Beta 2, a preview version that the company doesn’t support through normal channels.

Users running any of those browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said.

Tags: attacks, exploits, Internet Explorer, Microsoft, pornography, vulnerability