Alert - IIS 5.0 Vulnerabilities
A few days ago, a new exploit was found attacking IIS 5.0 servers. Incidents.org has a write-up on this, and InfoWorld has covered it as well. Apparently it is hitting users running IE and servers running IIS 5.0; I have seen a couple of discussions in public newsgroups and other IIS community forums. Microsoft has now officially posted its latest alert about Download.Ject. From the page:
Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.
If you have not applied the related fixes, I strongly recommend that you do it NOW. As a good security practice, you should also restrict or limit HTTP port 80 surfing from your IIS web server. It should be there to serve HTTP/HTTPS requests, not to act as your surf station.