Spammed Drag and Drop Exploit

Yesterday, I saw some spam detected as Trojan/Exploit-DragDrop!link. Today I see that F-Secure posted this to their blog yesterday. If you click on the ‘remove’ link, you are taken to a website. At the site, they use the drag and drop vulnerability to download a trojan to your computer.
Currently there is no patch for this exploit. In Windows XP with Service Pack 2, you can disable “binary behaviors” under the ActiveX security settings. Other than that, all you can do is follow the usual advice: run all client software as a non-privileged user and do not follow links that you have any reason to be unsure of.