[From IT Pro
The first six months of 2008 has seen a massive increase in SQL injection attacks, which can lead to legitimate websites we know and trust being compromised and infected with malware.
An SQL injection attack occurs when an attacker exploits weaknesses in the design of a website, gaining access and taking it over. Once in control of the database they will take data and add a malicious link. This usually takes the form of a drive-by download.
The article continues at