Wired News
A mysterious Internet virus being spread Friday by hundreds and possibly thousands of infected websites may be aimed at stealing credit card and other valuable information, security experts warned.
The infection appears to take advantage of three separate flaws with Microsoft products. Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.
Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn’t substantially interfering with Internet traffic.
Security technicians at Microsoft and elsewhere worked Friday to pin down how the infection spreads across websites. It appears to target at least one recent version of Internet Information Server, Microsoft’s software for operating websites.
The infection makes subtle changes to the site so visitors get a piece of code that’s designed to retrieve from a Russian website software that records a person’s keystrokes and can send data back, experts say. Such software “Trojan horses” are routinely used to fish for credit card numbers, bank accounts, passwords and the like.
IE users might want to avoid entering sensitive information for the time being.
Or just install the patches that were released two months ago and follow the instructions here . I assume all three vulnerabilities need to be unpatched for the worm to infect your computer.
Could be but it would be safer wait until the third hole is fixed or use Mozilla.