SECURITY: Everyone Has Been Hacked. Now What? “On Apr. 7, 2011, five days before Microsoft patched a critical zero-day vulnerability in Internet Explorer that had been publicly disclosed three months earlier on a security mailing list, unknown attackers launched a spear-phishing attack against workers at the Oak Ridge National Laboratory in Tennessee. . . . The cleverly crafted missive included a link to a malicious webpage, where workers could get information about employee benefits. But instead of getting facts about a health plan or retirement fund, workers who visited the site using Internet Explorer got bit with malicious code that downloaded silently to their machines. Although the lab detected the spear-phishing attack soon after it began, administrators weren’t quick enough to stop 57 workers from clicking on the malicious link. Luckily, only two employee machines were infected with the code. But that was enough for the intruders to get onto the lab’s network and begin siphoning data. Four days after the e-mails arrived, administrators spotted suspicious traffic leaving a server.”