The compromised web sites append JavaScript to the bottom of web pages. When executed, the JavaScript tries to access a file hosted on another server, according to US-CERT.
"This file may contain malicious code that can affect the end user's system," the agency said in its advisory.
US-CERT said it is investigating the source of the attacks and the impact of the code that's downloaded to the users' systems.
The agency advised web server administrators running IIS 5.0 to ensure no unusual JavaScript is attached to the bottom of web pages from their servers.
Microsoft said it also is investigating the attacks. Web servers running Windows 2000 Server and IIS that don't have a patch that Microsoft issued in April may be compromised and try to infect the systems of Internet Explorer users, the company said.
The company advised users to make sure they've installed all critical Windows updates and to increase the security of their browser settings.
The web server attacks are "another example of why end users must exercise caution when JavaScrip is enabled in their web browser," US-CERT said.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
