CNET's Robert Lemos sums up what is known or surmised about the sophisticated new contagion first seen 2 days ago:
"Security researchers warned Web surfers on Thursday to be on guard after uncovering evidence that widespread Web server compromises have turned corporate home pages into points of digital infection. The researchers believe that online organized crime groups are breaking into Web servers and surreptitiously inserting code that takes advantage of two flaws in Internet Explorer that Microsoft has not yet fixed. Those flaws allow the Web server to install a program that takes control of the user's computer. Late Thursday, Microsoft advised customers to increase their browser security to the highest settings, although that could cause some Web site functions to stop working. The extent of the attacks is unknown, but the security community has seen numerous cases of personal computers infected when the user merely visits a Web site... [The] flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch...
"The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties... The group also pointed out that the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software...
"Researchers believe that attackers seed the Web sites with malicious [javascript] code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft's Web software, Internet Information Server (IIS). When a victim browses the site, the code redirects them to one of two sites, most often to another server in Russia. That server uses the pair of Microsoft Internet Explorer vulnerabilities to upload and execute a remote access Trojan horse, RAT, to the victim's PC. The software records the victim's keystrokes and opens a back door in the system's security to allow the attacker to access the computer...
"Symantec believes that the attacks last fall and in April, which the current one most resembles, were conducted by online organized crime groups from Russia. The theory is supported not only by the fact that the server storing the malicious code is in Russia, but also by the sophisticated nature of the attacks, Symantec's Huger said. 'It's a group of people that have resources to bring to play,' he said, adding that the attack programs were not amateur material. 'The code wasn't pulled off a Web site; it was custom.'
"Meanwhile, the average Internet surfer is left with few options. Besides choosing the highest security settings for Internet Explorer, Windows users could download an alternate browser, such as Mozilla or Opera. Mac users are not in danger..."
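The injection described above (a script, frame or redirect slipped into a legitimate page so that it pulls content from a second server) is the kind of change a site owner can look for in their own pages. The check below is an added example, not code from the CNET article or any vendor it names; the sample page and the attacker hostnames (under the reserved `.invalid` domain) are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _RefCollector(HTMLParser):
    """Collect every URL that a script, frame, meta-refresh or inline script points at."""

    def __init__(self):
        super().__init__()
        self.refs = []  # (kind, url) pairs in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe", "frame") and a.get("src"):
            self.refs.append((tag, a["src"]))
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", a.get("content", ""), re.I)
            if m:
                self.refs.append(("meta-refresh", m.group(1)))
        self._in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # inline JS: catch window.location / document.write style bounces
            for url in re.findall(r"https?://[^\s'\"<>]+", data):
                self.refs.append(("inline-script", url))


def find_foreign_references(html, site_host):
    """Return (kind, host) for each reference whose host is not the site's own."""
    p = _RefCollector()
    p.feed(html)
    return [(kind, urlparse(url).hostname)
            for kind, url in p.refs
            if urlparse(url).hostname and urlparse(url).hostname.lower() != site_host.lower()]


# Constructed sample: a legitimate page with four injected off-site references.
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script src="http://cdn.example-attacker.invalid/x.js"></script>
<meta http-equiv="refresh" content="5; url=http://meta.example-attacker.invalid/">
</head><body><p>Welcome</p>
<iframe src="http://frames.example-attacker.invalid/" width="0" height="0"></iframe>
<script>window.location = "http://redirect.example-attacker.invalid/go";</script>
<a href="http://www.example.com/about">About</a></body></html>"""

if __name__ == "__main__":
    for kind, host in find_foreign_references(SAMPLE_PAGE, "www.example.com"):
        print(f"{kind:14s} -> {host}")
```

Same-site and relative references (the local script, the About link) are ignored; anything it does flag should be compared against the page as deployed from source control.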