A flaw in MS’s IIS is allowing hackers to install malicious code on website visitor’s machines. The exploit, VML MS07-004, allows for SEO poisoning and can serve up data via Javascript and send browsers to other websites. Interestingly enough they’ve used the exploit to infect the United Nations main page, dumping SEO noise into the HTML and potentially sending users to a website running the exploit.