The infection appears to take advantage of three separate flaws with Microsoft products.
Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.
Car Bomb in Hilla Kills 17 Iraqis -U.S.
Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn’t substantially interfering with Internet traffic.
Security technicians at Microsoft and elsewhere worked Friday to pin down how the infection spreads across websites.
It appears to target at least one recent version of Internet Information Server, Microsoft’s software for operating websites.
The infection makes subtle changes to the site so visitors get a piece of code that’s designed to retrieve from a Russian website software that records a person’s keystrokes and can send data back, experts say.
Such software “Trojan horses” are routinely used to fish for credit card numbers, bank accounts, passwords and the like.
“Users should be aware that any website, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code,” the U.S. Computer Emergency Readiness Team warned in an Internet alert.
Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their antivirus and firewall programs.
Because one flaw has yet to be fixed, he said, users should also turn up security settings on Microsoft’s Internet Explorer browsers to the highest levels.
http://www.wired.com/news/infostructure/0,1377,63994,00.html?tw=newsletter_topstories_html