My colleague at Kaspersky Lab, Roel Schouwenberg (see disclosure), has discovered a drive-by malware download taking advantage of what Microsoft describes as an Internet Explorer "feature" to launch cross-site scripting attacks.
The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.
Fast forward to the latest site compromise -- on a high-traffic Web site -- where a GIF file containing an embedded iframe is pointing IE users to a known malicious site. (The malicious site is currently offline, but there is evidence that it is tied to ID-theft attacks.)
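The pattern described above, an image file that also carries HTML markup, is something a site operator can check for on their own content. The following Python scanner is an added example written for this page; it is not code from Kaspersky Lab, Roel Schouwenberg, or Microsoft. It assumes (as the article implies but does not spell out) that the problem is the browser rendering a file served as an image as HTML when it finds markup inside it, so the defender's check is simply: does a file that starts with a GIF signature contain HTML tags it has no reason to contain? The GIF bytes and the "polyglot" sample are constructed here for the demonstration, and `example.invalid` is a placeholder hostname.

```python
import re

# Valid GIF files begin with one of these two signatures.
GIF_MAGIC = (b"GIF87a", b"GIF89a")

# Tags that have no legitimate reason to appear inside an image payload.
# A match does not prove compromise, but it is worth a human look.
HTML_MARKERS = re.compile(
    rb"<\s*(iframe|script|html|object|embed|meta)\b", re.IGNORECASE
)


def is_gif(data: bytes) -> bool:
    """True if the payload carries a GIF file signature."""
    return data[:6] in GIF_MAGIC


def find_html_markers(data: bytes):
    """Return (offset, tag_name) for every HTML-like tag found in the bytes."""
    return [(m.start(), m.group(1).lower().decode()) for m in HTML_MARKERS.finditer(data)]


def scan_gif(data: bytes) -> dict:
    """Classify a payload: 'not_gif', 'clean', or 'suspicious' (GIF with HTML inside)."""
    if not is_gif(data):
        return {"verdict": "not_gif", "markers": []}
    markers = find_html_markers(data)
    return {"verdict": "suspicious" if markers else "clean", "markers": markers}


def scan_directory(root: str, suffix: str = ".gif"):
    """Walk a directory tree and report every GIF that contains HTML markup."""
    import os
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                result = scan_gif(fh.read())
            if result["verdict"] == "suspicious":
                findings.append((path, result["markers"]))
    return findings


# Constructed sample: a minimal 1x1 GIF89a (header, 2-colour palette,
# graphic control extension, image descriptor, LZW data, trailer 0x3B).
CLEAN_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00"
    b"\x02\x02D\x01\x00;"
)

# Constructed sample of the kind of file the article describes: the same
# image with an HTML iframe tag appended after the GIF trailer.
POLYGLOT_GIF = CLEAN_GIF + (
    b'<iframe src="http://example.invalid/landing" width="0" height="0"></iframe>'
)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_GIF), ("polyglot", POLYGLOT_GIF)):
        print(label, scan_gif(blob))
```

Running the module prints a `clean` verdict for the plain image and a `suspicious` verdict for the polyglot, with the iframe tag reported at the offset just past the GIF trailer; `scan_directory()` applies the same check across a web root. On the browser side, the later mitigation Microsoft shipped for this class of issue is the `X-Content-Type-Options: nosniff` response header, which tells IE (from version 8) to trust the declared `Content-Type` rather than sniffing the body.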
Schouwenberg has contacted Microsoft again to reconsider its position on this issue.