[From Computerworld]
January 07, 2008 (Computerworld) — Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend.
Roger Thompson, the chief research officer at Grisoft SRO, pointed out that the hacked sites could be found via a simple Google search for the domain that hosted the malicious JavaScript. On Saturday, said Thompson, the number of sites that had fallen victim to the attack numbered more than 70,000.
The article continues at
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9055858&taxonomyId=17&intsrc=kc_top