Net-Security has posted an article on the discovery of 132k+ sites that have been SQL Injected. From the article
"A large scale SQL injection attack has injected a malicious iframe on
tens of thousands of susceptible websites. ScanSafe reports that the
injected iframe loads malicious content from 318x.com, which eventually
leads to the installation of a rootkit-enabled variant of the Buzus
backdoor trojan. A Google search on the iframe resulted in over 132,000
hits as of December 10, 2009."
The google search query string is here.
