Microsoft has issued an emergency patch for a flaw in Internet Explorer that had been exploited widely since it was found.

The bug, found in the Vector Markup Language, or VML component of IE had been used by Russia-based porn website that contained malicious code. Security companies watching the flaw have said that there had been an increase in emails containing links that downloaded malicious code as well; some lured users by promising that they’d been sent a Yahoo Greeting Card.

Others actually promised to contain a link to an unofficial patch that had been developed. The patch was genuine and developed by Zeroday Emergency Response Team, but the email that was being used in the attack was malicious.

Microsoft’s next security patch is due out on 10th October, but the company issued a special one specifically for this exploit. It’s also helping law enforcement track down the hackers.

The total number of websites that contained links to malicious code to infect PCs were estimated at more than 3000 according to some analysts.