Security experts worked Friday to pin down how hackers managed to infect hundreds and possibly thousands of Web sites. It appears to target at least one recent version of Microsoft software for operating Web sites, called Internet Information Server.

Hackers made subtle changes to the Web site so visitors get a piece of code that's designed to retrieve, from a Russian Web site, software that records a person's keystrokes.

Such data, which can include credit card numbers, bank accounts and passwords, are collected for remote delivery to hackers, experts say.