As I understand it, a web server could be used to direct visitors to malicious sites, but as far as I know it hasn't been done yet. I think most web servers will be patched pretty quickly.
Let's remember that these scares seldom turn out to be as dire as predicted - the industry doesn't just sit there, doing nothing. Patches have already been released for Linux, and there will be more. Panic is certainly not the word to use, but there are obvious concerns.
I am beginning to find it rather strange that the BBC are highlighting these type of stories or incidents, when the actual commercial interests are seemingly not letting it be known, or doing much about internet safety or security, as perhaps they should. I appreciate that scaremongering or conspiracy theories might come into being, and alarm might cause more harm in the long term, and possibly after any event.
Only today, I was reading briefly about a 'known' problem with eBay,that apparently started back in February, regarding possible hacking, which is still going on today. This as nothing to do with the recent scare, that eBay requested password changes, its something that might have been known earlier, and its very professionally done, with the use of eBay fake listings and redirection.
According to the article, the BBC investigation as subsequently uncovered 64 false listings within a 15 day period in September alone, across a range of products. The BBC also stated that the problems still remained on the website 12 hours after being reported. This is how this particular incident is being done, for anyone interested. YouTube video click here
LastChip , exactly what Microsoft have been doing for years. The fact that the bug is years old is also important. Now that the focus of these malware writers is moving on to other OSs, as well as Windows, should be very worrying for every one. It's just the beginning of assaults on Linux and iOS I would think.