[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] Keep an eye out guys [and gals], there's something up on the 'Net..... - THE OFFICIAL BLOG OF THE SBS DIVA
Thu, Jun 24 2004 18:09 bradley


UPDATE - What You Should Know About Download.Ject:
http://www.microsoft.com/security/incident/download_ject.mspx

I normally have as my “home” page the Incidents.org web page.  Today they are indicating that there is a possible Spam/vulnerability attack going on. 

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis:
http://www.incidents.org/

I recommend that you check out the posting and in particular.....

 "What we DON'T know, and can use some help in figuring out, is how the malware is installed on the IIS server to begin with. Is there a zero-day floating around? Is it via a known vulnerability and the use of agent.exe as mentioned above? (Ed Skoudis, one of our handlers, suggested that perhaps the IIS system admin used a local copy of IE to browse a site and pulled down hostile JavaScript. Does that jibe with anybody's findings?)

Our concern is that there might be an IIS zero-day floating around. We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched.

[original diary entry follows]

A reader pointed us to an IIS discussion group (microsoft.public.inetserver.iis.security) where several IIS administrators discovered some strange .dll files on their web servers in the past 24 hours. According to the discussion on that list, they are all 1kb .dll files. They were deposited in the \winnt\system32\inetsrv directory with names like iis7xy.dll where x is a random number that appears to be between 1-3 and y is a random character or number."

Don't use your server as a workstation.  Don't introduce an unnecessary threat by surfing at your server.  Be safe.  Be paranoid. 
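
The file pattern described in the quoted diary entry can be checked for directly. The following is an added example, not code from the original post or from SANS; the function names and the 2048-byte size limit are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Naming pattern as described in the quoted diary entry: iis7xy.dll,
# x a digit 1-3, y a single letter or digit.
SUSPECT_NAME = re.compile(r"iis7[1-3][0-9a-z]\.dll", re.IGNORECASE)
# The report says "1kb"; treating anything up to 2048 bytes as a size match
# is an assumption, not a figure from the report.
MAX_SIZE = 2048


def find_suspect_dlls(directory, max_size=MAX_SIZE):
    """List files whose names fit the reported pattern, noting size and mtime."""
    hits = []
    root = Path(directory)
    if not root.is_dir():
        return hits
    for entry in root.iterdir():
        if not entry.is_file() or not SUSPECT_NAME.fullmatch(entry.name):
            continue
        st = entry.stat()
        hits.append({
            "name": entry.name,
            "size": st.st_size,
            "size_matches": st.st_size <= max_size,
            "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
        })
    return sorted(hits, key=lambda h: h["name"].lower())


def demo():
    """Run the check against a constructed directory (not real server data)."""
    sample = {
        "iis713.dll": 900,      # fits name and size
        "iis72a.dll": 1024,     # fits name and size
        "IIS731.DLL": 50000,    # fits name only: listed for review, size differs
        "iis74b.dll": 1024,     # x outside 1-3: not listed
        "iislog.dll": 1024,     # ordinary name: not listed
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, size in sample.items():
            (Path(tmp) / name).write_bytes(b"\0" * size)
        return find_suspect_dlls(tmp)


if __name__ == "__main__":
    # On a server, pass the directory named in the post instead,
    # e.g. find_suspect_dlls(r"C:\winnt\system32\inetsrv").
    for hit in demo():
        print(hit)
```

A name match with a recent modification time is worth investigating even when the size does not fit, since the diary entry gives the size only as reported by list members.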
