Computer security experts are advising users of Microsoft's Internet Explorer to switch to another web browser until a major security flaw is fixed.
The problem, first revealed last week, allows criminals to hijack computers and steal passwords if the user visits an infected website.
As many as 10,000 sites have already been compromised to take advantage of the flaw, according to anti-virus software producer Trend Micro. So far the websites, which are mostly Chinese, have been used to steal computer game passwords which can be sold on the black market.
But Trend Micro security researcher Paul Ferguson told the Associated Press there were major concerns that the problem could be exploited by "more financially motivated criminals for more serious mayhem".
Microsoft said it had so far only found attacks against version 7 of Internet Explorer, the world's most popular web browser, but warned that other versions were "potentially vulnerable".
In a security update, the computer giant said: "We are actively investigating the vulnerability that these attacks attempt to exploit.
"We will continue to monitor the threat environment and update this advisory if this situation changes."
Microsoft may fix the problem in its regular monthly security update or issue an emergency software patch.