UPDATE: The sql injection script that hit us, hit over 800,000 websites
Well I guess we are in good company.
We’re currently monitoring a still-ongoing mass compromise involving a great number of websites. The compromised sites have been injected with a malicious script that triggers redirects to certain URLs that lead to malware such as FAKEAV.
Based on Google searches, there is no common denominator in terms of the industry to which the compromised sites belong. We saw compromised websites related to astronomy, clubs, hospitals, sports, funeral homes, electronics, and others.
More URLs Involved
Investigations revealed that five URLs were used for the attack and were inserted into the compromised sites through SQL injection. The said URLs all resolve to a single IP server—a known malicious IP Trend Micro researchers are monitoring. Thus, the related URLs have been proactively blocked by Trend Micro as early as March 25, 2011:
You can read the rest of the article here: http://blog.trendmicro.com/lizamoon-etc-sql-injection-attack-still-on-going/
Gads.. I mean really.. Gads..