Hackers are targeting a vulnerability in Microsoft's Internet Explorer 7 (IE7) running on Windows XP Service Pack 2.

Malicious JavaScript code, which exploits a bug in the way IE handles Extensible Markup Language (XML), is served to those surfing the web. The code drops a malicious program onto the victim's PC, which then goes on to download malicious software from various locations.

It works on the browser about "one in three times" said Wayne Huang, CEO of security vendor Armorize Technologies.

Windows XP Review

Internet Explorer 7 review

Security researcher Knownsec made the flaw public in a Chinese forum earlier this week. Huang said now that the bug has been publicly disclosed, he expects attacks based on the flaw to become much more widespread.

See also: The 8 most dangerous Windows vulnerabilities

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products