Virus Warning


Thumper
07-15-2008, 05:09 PM
If you use Internet Explorer, please update to the current version and make sure your virus software is current.

If you get a message in Internet Explorer that looks like the message below, DO NOT CLICK ON IT.
http://img253.imageshack.us/img253/3661/activexmessagepf5.png

Someone has somehow hacked literally thousands (probably more than that) of websites on the internet. They most likely have written some script to do this in an automated way.

The script appends some code to the end of certain files. So far the files appended are index.html, index.php, default.html and login.php.

That code uses an Internet Explorer vulnerability to load a virus on your computer. The virus is a pretty nasty one and seems to have a few variants. It's been reported that at least one of the variants loads a fake screen saver on your computer that looks like the Microsoft blue screen of death and forces continual hard reboots.

As far as I can tell, this only affects Internet Explorer, not Firefox or other browsers.

I am researching this further. If I find any additional information, I'll post it.
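
For site owners who want to check their own files for the appended code described above, one approach is to compare the four listed file names against a known-good copy of the site and report any file that is the clean copy plus extra trailing bytes. This is an added example, not part of the original posts; the backup directory, the function names and the sample page content are assumptions made for illustration.

```python
import os
import tempfile

# File names the post lists as having code appended to them.
TARGET_NAMES = {"index.html", "index.php", "default.html", "login.php"}

def find_appended(webroot, baseline):
    """Return (relative_path, status, tail) for target files that differ from baseline."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower() not in TARGET_NAMES:
                continue
            live_path = os.path.join(dirpath, name)
            rel = os.path.relpath(live_path, webroot)
            base_path = os.path.join(baseline, rel)
            if not os.path.isfile(base_path):
                findings.append((rel, "no-baseline", b""))
                continue
            with open(live_path, "rb") as f:
                live = f.read()
            with open(base_path, "rb") as f:
                good = f.read()
            if live == good:
                continue
            # Ignore trailing whitespace on the clean copy so a newline before the added code still matches.
            stem = good.rstrip()
            tail = live[len(stem):].strip()
            if live.startswith(stem) and tail:
                findings.append((rel, "appended", tail))
            else:
                findings.append((rel, "modified", b""))
    return sorted(findings)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        live, good = os.path.join(tmp, "live"), os.path.join(tmp, "good")
        page = b"<html><body>hello</body></html>\n"  # constructed sample content
        for root in (live, good):
            os.makedirs(os.path.join(root, "blog"))
            for rel in ("index.html", os.path.join("blog", "index.php")):
                with open(os.path.join(root, rel), "wb") as f:
                    f.write(page)
        with open(os.path.join(live, "blog", "index.php"), "ab") as f:
            f.write(b"<!-- APPENDED-PLACEHOLDER -->")  # harmless stand-in for the added code
        return find_appended(live, good)

if __name__ == "__main__":
    print(demo())
```

Files reported as "modified" or "no-baseline" need a manual look, since the comparison can only confirm an append when a clean copy exists.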

Thumper
07-15-2008, 05:17 PM
The reason I'm posting an alert about this virus is because I've seen a lot of virus attacks and vulnerabilities before, but the scope of this one is bigger than any I've seen before.

A couple of other things I've noticed.

Any type of website can be hacked with this exploit, but some web software doesn't seem to let the script run.

vBulletin websites don't seem to run the bad script.

WordPress websites definitely DO PASS THE SCRIPT

Joomla websites seem to become non-functional if they have the script. Basically it takes down the site, which is good in this case because the script can't be passed.

I've seen some sites with other custom software, and with those I've seen it either pass the script (THAT'S BAD) or kill the website.

Thumper
07-15-2008, 05:19 PM
One other thing to add.

I've checked all of BoltTalk and we are 100% virus free. I also checked BoltBunker and they are virus free as well.