The trojan spreads by exploiting a vulnerability within Internet Explorer and SP2 that uses help files from web pages. This exploit was discovered in October.
An attacker first must entice a user to visit a malicious Web site before placing the Trojan on his machine. If the Trojan is successfully launched, the malicious software could be downloaded and run on the victim's system, according to Microsoft.A spokeswoman from Microsoft said that programmers were working to fix the vulnerability and will realese a security update when the development and testing process is complete.
"Microsoft is working to forensically analyze the malicious code in Phel and will work with law enforcement to identify and bring to justice those responsible for this malicious activity," she said.Lets hope that this is the last piece of malicious software disrupting this holiday time which is ought to be peaceful.