Check this out...

Link:
http://story.news.yahoo.com/news?tmpl=story&ncid=1212&e=2&u=/afp/20040625/tc_afp/us_internet_virus&sid=96001018

Hey Sasha check out this link:

http://forum.avast.com/index.php?board=2;action=display;threadid=5499

Here is my post in the AVAST 4 Home/Pro section of the forum. Here is a link to department of homeland security site:

http://www.us-cert.gov/current/current_activity.html#iis5

Here is the text:

IIS 5 Web Server Compromises
added June 24

US-CERT is aware of new activity affecting compromised web sites running Microsoft’s Internet Information Server (IIS) 5 and possibly end-user systems that visit these sites. Compromised sites are appending JavaScript to the bottom of web pages. When executed, this JavaScript attempts to access a file hosted on another server. This file may contain malicious code that can affect the end-user’s system. US-CERT is investigating the origin of the IIS 5 compromises and the impact of the code that is downloaded to end-user systems.

Web server administrators running IIS 5 should verify that there is no unusual JavaScript appended to the bottom of pages delivered by their web server.

This activity is another example of why end users must exercise caution when JavaScript is enabled in their web browser. Disabling JavaScript will prevent this activity from affecting an end-user’s system, but may also degrade the appearance and functionality of some web sites that rely upon JavaScript. US-CERT recommends that end-users disable JavaScript unless it is absolutely necessary. Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.
I hope this helps.

this is from e-week:

Microsoft has issued a security alert on the attack, called Download.Ject. The company says that their MS04-011 update, issued in April, addresses vulnerability to the attack on the server end. The bulletin also says that systems running Release Candidate 2 of Windows XP Service Pack 2 are not vulnerable to the client-side attack, and that other systems can be protected from downloads of malicious code by having all current critical patches installed and running Internet Explorer with its security settings at “High.”

Link to article:http://www.eweek.com/article2/0,1759,1617233,00.asp?kc=ewnws062504dtx1k0000599

-max