Unsuspecting users need only visit a website and they are automatically compromised by the server. The exploit code takes advantage of a flaw in the XML handling parsers in IE and a trojan is downloaded without the user knowing. Right now, this trojan is looking for passwords to certain online games, and the exploit is targeting Chinese language users. But according to Microsoft, just about everyone with IE7 is vulnerable, including Vista users.
If You are still using Internet Explorer for anything, really, do you think you should be on the internets?