US-CERT said Thursday that it was tracking malicious activity involving compromised web sites running Microsoft’s Internet Information Services (IIS) 5.0 and possibly affecting users who visit the sites.
“This file may contain malicious code that can affect the end user’s system,” the agency said in its advisory.
US-CERT said it is investigating the source of the attacks and the impact of the code that’s downloaded to the users’ systems.
Microsoft said it also is investigating the attacks. Web servers running Windows 2000 Server and IIS that don’t have a patch that Microsoft issued in April may be compromised and try to infect the systems of Internet Explorer users, the company said.
The company advised users to make sure they’ve installed all critical Windows updates and to increase the security of their browser settings.
The web server attacks are “another example of why end users must exercise caution when JavaScrip is enabled in their web browser,” US-CERT said.