I don't usually do technology news here on the blog, but this sounds like it might merit some folks' immediate attention.

PC Users Warned of Infected Web Sites Computer security experts and the federal government are warning Internet users to take extra precautions when browsing the Web after an Internet attack seeded Web sites with programs that hackers can use to steal personal information.

The attack is more dangerous than most, according to the government's US-CERT cybersecurity center, infection is possible just by visiting affected Web sites, according to US-CERT, a division of the U.S. Department of Homeland Security.

The attackers, whose identities are unknown, targeted a flaw in Web sites powered by Microsoft's Internet Information Services Web server (IIS). The sites hit by the attack were programmed to redirect the Explorer browser to another Web site that contains code that hackers use to record what people type on their keyboards -- including data such as passwords, credit card and Social Security numbers. The code then e-mails that information back to the attackers.

Computers that run Microsoft's Internet Explorer browsers are vulnerable to infection, according to US-CERT. The CERT warning said Internet Explorer users can protect themselves by turning off the "javascript" function in their browsers. Javascript is a computer language often used in building Web sites. The attack takes advantage of two recently discovered security flaws in Internet Explorer. Microsoft released a patch in April to fix one of the security holes; the company is still working on a patch for the other flaw, which security researchers publicly detailed less than two weeks ago.

CERT recommends that Internet Explorer users consider different browsers such as Mozilla Firefox, Netscape Communicator or Opera. For people who continue to use Internet Explorer, CERT and Microsoft recommend setting the browser's security setting to "high."

More: How to protect yourself.

--------