this is from e-week:
Microsoft has issued a security alert on the attack, called Download.Ject. The company says that their MS04-011 update, issued in April, addresses vulnerability to the attack on the server end. The bulletin also says that systems running Release Candidate 2 of Windows XP Service Pack 2 are not vulnerable to the client-side attack, and that other systems can be protected from downloads of malicious code by having all current critical patches installed and running Internet Explorer with its security settings at "High."
Link to article:http://www.eweek.com/article2/0,1759,1617233,00.asp?kc=ewnws062504dtx1k0000599
-max