
This is our second warning: the first wave of attacks against an unpatched flaw in Microsoft's Internet Explorer browser has already begun, and security experts warn that the threat will grow significantly over the weekend.
Less than 24 hours after Microsoft issued details for IE users, malware hunters have started detecting drive-by downloads on more than 20 maliciously rigged Web sites.
A list of more than 20 unique domains and 100 unique URLs hosting the exploits has already been reported. The sites are dropping a variant of SDbot, a dangerous family of backdoors that give hackers complete ownership of infected computers.
SDbot allows attackers to control victims' computers remotely by sending specific commands via IRC (Internet Relay Chat) channels. The backdoors have also been used as keyloggers to steal sensitive user information, and to spread across the local network and to computers vulnerable to exploits.
Some of these attackers are the same people that were exploiting the WMF vulnerability. This will continue to get worse over the weekend, especially if they can figure out how to get the exploits to work efficiently.
One of the interesting things we're seeing is that the shellcode doesn't work on a lot of these sites. That suggests they're testing the exploits and getting ready to do some major damage.
In addition to SDbot variants, the sites are dumping spyware and keystroke loggers on machines without requiring any user action. Simply surfing to these sites will hose your machine.