Secunia is reporting that a security exploit in
Internet Explorer DHTML Edit ActiveX Control Cross-Site Scripting that affects Internet Explorer through the latest Windows XP Service Pack 2. A malicious site could show a different url than the actual one you are on. That is, the address bar could read “www.amazon.com” but you are really at “www.steal-my-credit-card.com”
If you’re still using IE, isn’t it time to get Firefox?