Exploits against the unpatched vulnerability in Microsoft's Internet Explorer are increasing and attackers are gathering momentum, researchers said Thursday. They warned that the problem would become worse if cyber criminals attack via e-mail next.

"It might come to nothing, but it feels like a storm's coming," said Roger Thompson, the chief technology officer at Exploit Prevention Labs. "The potential is there. Call it a storm watch, not a storm warning."

At least two different exploits have appeared this week, said Thompson, one linked to the Russian-made hacker exploit kit called WebAttacker, the other posted early Thursday on the xSec gray-hat vulnerability research site. That second exploit can launch remote code without using JavaScript, as did the original inserted in the WebAttacker kit; it's more dangerous for that reason.


TechWeb