[Security] IIS delivers Trojan horse!
US CERT and Internet Storm Center are reporting a rising number of IIS 5 WebServers delivering the Trojan horse "RAT".
US-CERT is aware of new activity affecting compromised web sites running Microsoft's Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user's system.
Compromised servers append a JavaScript to every page they deliver using IIS's "Enable document footer"-function. At this point of time, it is unknown, which security issue was used to compromise the servers - possibly a new one was used. But - and this can't be a mistake - it is recommended to install all security fixes for IIS!
The delivered scripts use a non-fixed issue with Microsoft's Internet Explorer - so it will be enough to access a page to get infected. Right now, the only solution to this problem seems to disable Active Scripting in IE.
More can be found here:
Microsoft also currently released a statement:
Bad news, bad news.