Anyone running IIS should make sure they are safe.
I'd suggest that the "attacker" probably made a mistake with his/her execution given that it is aimed at an ad agency. Having everyone's site telling them it's infected serves no purpose. On the other hand replacing ads on your site with ads that convert for the hacker is extremely profitable which was probably the goal.
Patch, move on, this isn't nearly as malicious an attack as others that get/got very little press. The sky isn't falling, only IIS's reputation is.
This was more like an Amber Alert (very alarming title) given the minor damage potential.