My local media was reporting a "Big" threat hitting the internet which involved infected Web Sites. So I hustle my butt into work to check things out. I have no high-level alerts from Symantec, only a note about a Category 1 virus which deals with Infected Web Sites.

Symantec Link

I head on over to the Internet Storm Center and they have more information:

A large number of web sites, some of them quite popular, were compromised earlier this week to distribute malicious code. The attacker uploaded a small file with javascript to infected web sites, and altered the web server configuration to append the script to all files served by the web server. The Storm Center and others are still investigating the method used to compromise the servers. Several server administrators reported that they were fully patched.

I check all my systems and I see nothing going on which could be related to any of this.

My question: are any of you seeing anything from this "Big Threat", or is this just another issue which is being overhyped by the media?


More information from SANS:

The visitor's browser is re-directed to the Russian URL listed below where a known Trojan program (msits.exe) is downloaded, along with some additional malware. Again, if the user's machine is updated with current AV software, this malware is detected and blocked.
The earliest reported infection was on June 20th.
An IIS server's configuration is somehow modified so that "enable document footer" is enabled for various (if not all) files and linked to the new .dll file(s) in \winnt\system32\inetsrv. This might be done with the help of a program called agent.exe installed via one of the multiple known IIS vulnerabilities.
What we DON'T know, and can use some help in figuring out, is how the malware is installed on the IIS server to begin with. Is there a zero-day floating around? Is it via a known vulnerability and the use of agent.exe as mentioned above? (Ed Skoudis, one of our handlers, suggested that perhaps the IIS system admin used a local copy of IE to browse a site and pulled down hostile JavaScript.)
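An added example, not part of the original post or the SANS text: one way for a server owner to check for the document-footer behaviour described above is to fetch several different files from the same server and look for identical trailing bytes that contain a script tag. The function name, the sample responses and the footer string are constructed for illustration.

```python
import re

SCRIPT_RE = re.compile(rb"<script\b", re.IGNORECASE)


def common_suffix(bodies):
    """Return the longest byte string that every body ends with."""
    shortest = min(bodies, key=len)
    n = 0
    while n < len(shortest) and all(b[-1 - n] == shortest[-1 - n] for b in bodies):
        n += 1
    return shortest[len(shortest) - n:]


def find_appended_footer(responses, min_len=20):
    """responses maps URL path -> raw body bytes fetched from one server.

    Returns the shared trailing bytes when they sit after the end of the
    document and contain a script tag, otherwise None.
    """
    bodies = list(responses.values())
    if len(bodies) < 2:
        return None  # one sample cannot show a footer shared across files
    suffix = common_suffix(bodies)
    # A normal site template also ends every page the same way, so keep only
    # what follows the last closing </html> inside the shared suffix.
    end = suffix.lower().rfind(b"</html>")
    if end != -1:
        suffix = suffix[end + len(b"</html>"):]
    if len(suffix) < min_len or not SCRIPT_RE.search(suffix):
        return None
    return suffix


# Constructed sample data: the same footer appended to every file served.
FOOTER = b'<script src="/constructed-footer.js"></script>'
SAMPLE_INFECTED = {
    "/index.html": b"<html><body>Home</body></html>" + FOOTER,
    "/about.html": b"<html><body>About us</body></html>" + FOOTER,
    "/style.css": b"body { margin: 0 }" + FOOTER,
}
# Constructed clean site: pages share a script, but inside the document.
SAMPLE_CLEAN = {
    "/index.html": b'<html><body>Home<script src="/menu.js"></script></body></html>',
    "/about.html": b'<html><body>About<script src="/menu.js"></script></body></html>',
}

if __name__ == "__main__":
    print(find_appended_footer(SAMPLE_INFECTED))
    print(find_appended_footer(SAMPLE_CLEAN))
```

Including a non-HTML file such as a stylesheet in the sample makes the check stronger, since a script tag at the end of a CSS file has no legitimate explanation.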