Massive SQL Injection Attack Compromises 380K URLs

Orome1 writes "A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected yesterday, to 380,000 when the researchers last checked. The injected script redirects users that have landed on the various infected pages to the domain in the script, which then redirects them further to a website simulating an anti-malware check and peddling a rogue AV solution."

SQL Injection???

[gregrah]

This seems to me like more of a JavaScript injection attack. Or am I missing something?

Very difficult to tell from the worthless article and summary.

More Information Please?

[Haedrian]

Website use follows a Zipfian distribution. Less popular sites may be more vulnerable to attack since they'd be written by script kiddies.

So instead of telling us how many URLs have been hijacked, how about telling us how many end users are likely to be affected by this? It makes a large difference if one of the URLs is a popular website or just something a 10 year old patched together using Frontpage.

Here's a suggestion

[smooth+wombat]

How about posting a screenshot of the anti-malware warning so we can be aware of it. I recently had to remove a piece of cruft from a user's laptop which, as far as I can tell, came from a Flash ad.

Since I know this user doesn't go to random bobssoftware.com sites, it had to come from an ad or a compromised site.

Also, would it have killed the editors to go to the source rather than some blog which scraped the source site?