The msits.exe malware has been used in phishing scams dating back to April. In that instance, it installed a keystroke logger which tried to capture login information for online banking accounts. One media report suggests that the compromised sites in this newest incident may include “auction sites, price comparison sites, and financial institutions.”
Much about this new exploit is unknown or being debated, including the method through which IIS servers are infected and the effectiveness of the protection supplied by end-user antivirus software. Some early analyses suggest the exploit is being used to build a spam network. However, the nature of the affected sites and the past use of a keylogger by this particular malware raise a troubling alternate possibility: that the exploit could be turning e-commerce sites into unwitting launch points for phishing scams against their own users.