Their passwords and credit cards are stolen, while PCs morph into spam zombies for the Russian mob or other dirty birds. Web dummies? Nope. Innocent… even security-savvy… users visiting legitimate, name-brand sites.

How bad is it? NetSec’s Chief Technical Officer ordered his wife to stay off the Internet. techdirt says it’s “ridiculously dangerous these days for anyone to keep using Microsoft IE.” Homeland Security warns that a large-scale attack against web servers running Microsoft’s Internet Information Server is under way.

Antivirus solutions can’t stop it. But the exploit does need a little help to drop its payload: An IIS server without the latest patches on one end, and a user browsing with Internet Explorer on the other. The world has an abundance of both.

What You Can Do: If you’re running IIS servers, make sure your patches are 100% up-to-date. If you’re not, don’t.

In addition, Secunia advises that you configure proxy servers to filter “Location:” headers containing the “URL:” prefix, and change all copies of Internet Explorer to allow Active Scripting on trusted web sites only… or use a different web browser. Any other web browser.
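The proxy-side part of that advice is easy to turn into code. The following is an added example, not code from the original post or from Secunia: a Python function a filtering proxy could run over each HTTP response head, dropping any “Location:” header whose value begins with the “URL:” prefix and reporting what it removed. The header name and the prefix come from the advice above; matching the prefix case-insensitively, tolerating leading whitespace, dropping just the offending header rather than the whole response, and the sample response are this example’s own assumptions.

```python
"""Proxy-side filter for "Location:" headers carrying a "URL:" prefix.

Added example, not code from the original post or from Secunia. It
applies the mitigation described in the post: inspect an HTTP response
head and remove any Location header whose value starts with "URL:".
Case-insensitive matching, tolerance of leading whitespace, and removing
only the header (not the whole response) are this example's assumptions.
"""
import re
from typing import List, Tuple

# A Location header whose value begins with the "URL:" prefix.
# Case-insensitive and tolerant of leading whitespace (assumption).
_BAD_LOCATION = re.compile(r"^location:\s*url:", re.IGNORECASE)


def filter_response_head(raw_head: bytes) -> Tuple[bytes, List[str]]:
    """Return (sanitized head, list of removed header lines).

    raw_head is the status line plus headers with CRLF line endings,
    ending in the blank line that separates head from body. Body bytes
    are never passed here. Obsolete header line folding (continuation
    lines starting with whitespace) is not handled by this example.
    """
    text = raw_head.decode("iso-8859-1")
    kept: List[str] = []
    removed: List[str] = []
    for line in text.split("\r\n"):
        if _BAD_LOCATION.match(line):
            # Log the exact header we stripped so the proxy operator
            # can see what was blocked and from which response.
            removed.append(line)
            continue
        kept.append(line)
    return "\r\n".join(kept).encode("iso-8859-1"), removed


# Constructed sample response head for demonstration (not real traffic).
SAMPLE_HEAD = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: URL:http://example.invalid/redirect\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    head, stripped = filter_response_head(SAMPLE_HEAD)
    for line in stripped:
        print("stripped header:", line)
    print(head.decode("iso-8859-1"))
```

A redirect whose Location value is an ordinary URL passes through unchanged; only the prefixed form is removed, so the client sees a 302 with no Location and simply does not follow it.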

While scrambling, ponder our Question of the Day: “Is a single vendor solution the smart way to secure a network?”

Talk amongst yourselves. (hint)

See for yourself at cnet News.