So far 95,000 Internet Explorer users have downloaded an unofficial patch to fix a critical security flaw in the browser.
The patch was issued by eEye Digital Security earlier this week when exploit code for the IE flaw started to appear on the internet.
Rival intrusion detection firm Determina followed suit and also issued its own unofficial patch
Both patches are not sanctioned by Microsoft, which is still working on its own official fix. It is not known how many users have so far downloaded the Determina patch.
The Microsoft patch is expected to be issued by 11 April at the latest, which is the company’s scheduled security patching date. But because the threat of the flaw is increasing, the company said it has not ruled out releasing a fix earlier.
Microsoft does not sanction the use of unofficial patches, as it says they could potentially affect the way other IE and Windows components usually work.
Internet security company Websense has warned users to be on the look out for spoof e-mails pertaining to be from the BBC, which have web links carrying users to malicious sites.
Users think they are being taken to a news story, but once there they are infected with a Trojan virus and key-logging software.
In addition to the critical flaw that has made it into the wild, Microsoft is also considering two other security flaws found in its browser last week.