The msits.exe malware has been used in phishing scams dating back to April. In that instance, it installed a keystroke logger which tried to capture login information for online banking accounts. One media report suggests that the compromised sites in this newest incident may include “auction sites, price comparison sites, and financial institutions.”

Much about this new exploit is unknown or being debated, including the method through which IIS servers are infected, and the effectiveness of the protection supplied by end-user antivirus software. Some early analyses suggests the exploit is being used to build a spam network. However, the nature of the affected sites and the past use of a keylogger by this particular malware raises a troubling alternate possibility – that the exploit could be using e-commerce sites to unknowingly launch phishing scams upon their own users.

The U.S. Computer Emergency Readiness Team recommended that “end-users disable JavaScript unless it is absolutely necessary,” the agency said in its advisory. “Users should be aware that any web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code.”