Warning at one site about intrusion attempt

A few visitors to one web site are having a problem; the owners of the site claim there is no problem with their site.

The problem is a reported intrusion attempt for those using Internet Explorer, any version. The intrusion attempt is being reported by all users as being blocked. Users using any other browser are not getting the warning.

The details of the report:

IPS Alert Name:  
Attacking computer: 
Attacker URL:  
Destination Address:  Cliff (172.xxx.xxx.106, 49403)
Source Address:  129.121.206.70
Traffic Description:  TCP,www-http

All users reporting on this problem are reporting the same name and address. I've also had two instances where a file was auto-downloaded to my system that NIS picked up as a virus. The file was downloaded to the Desktop before NIS caught it.

One of the owners has claimed that there is a patch from MS, but won't supply a link to the patch. The fixes suggested by the owners (deleting cookies and logging out of the site before coming back to the site) have not fixed the problem.

Your thoughts??

[edit: Please do not post potentially dangerous content per the Participation Guidelines and Terms of Service.]

I think it is pretty clear that the website is compromised.  The owners are in denial and should contact the hosting company to get this resolved.  The toolkit is probably looking for vulnerabilities in Java, Adobe Reader, and Adobe Flash Player among other applications, so a Microsoft Windows patch is going to do nothing to limit your exposure on that score.  You have done the right thing in informing the owners of the problem.  You should avoid the site until it is cleaned up.