New York A mysterious Internet virus being spread Friday by hundreds and possibly thousands of infected Web sites may be aimed at stealing credit card and other valuable information, security experts warned.
The infection appears to take advantage of three separate flaws with Microsoft Corp. products. Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.
Experts said the infection, detected by Microsoft on Thursday, was unusually broad but wasn't substantially interfering with Internet traffic.
Security experts at Microsoft and elsewhere worked Friday to pin down how the infection spreads across Web sites. It appears to target at least one recent version of Microsoft software for operating Web sites -- called Internet Information Server.
The infection makes subtle changes to the Web site so visitors get a piece of code that's designed to retrieve from a Russian Web site software that records a person's keystrokes and can send data back, experts say. Such software "Trojan horses" are routinely used to fish for credit card numbers, bank accounts and passwords.
Now that the code is out, other hackers are likely to adapt it to distribute software for spamming and for launching broad Internet attacks against popular Web sites, said Alfred Huger, senior director of engineering at security company Symantec Corp.
"Users should be aware that any Web site, even those that may be trusted by the user, may be affected by this activity and thus contain potentially malicious code," the U.S. Computer Emergency Readiness Team warned in an Internet alert.
Stephen Toulouse, a security program manager at Microsoft, recommended that computer owners obtain the latest security updates for Microsoft products and their anti-virus and firewall programs.
Because one flaw has yet to be fixed, he said, users also should turn up security settings on Microsoft's Internet Explorer browsers to the highest levels.
Security experts noted that users can avoid the exploit by using alternative browsers such as Mozilla and Opera.