Originally posted here by black_death
in addition most IE (or any other browser) exploits require the victim visiting a specially crafted html page , if you are stupid enough to surf unsafe web pages while you have imp info on your system you deserve to lose it all , sorry but this is how things work online.
http://securityresponse.symantec.com...ob.trojan.html

Check that out. Any reputable server infected with scob gets malicious script appended to its pages. IE vulns no longer depend on malicious IE script crafted in a HTML page intentionally. Infections like this effect any vulnerable IIS server.