SLQ injection, rampant on Internet!

Hi malware fighters,

The rough number of SQL injected sites is around 1.5 million pages, in reality the number is much bigger,
and there are several ongoing campaigns injecting obfuscated characters making it a bit more time consuming to track down. We experience a renewed use of these attacks in 2009, which started during 2007 - see links explaining:
http://www.theregister.co.uk/2009/04/02/new_sql_injection_attack/
http://securitywatch.eweek.com/exploits_and_attacks/sql_attacks_-_half_a_million_sites_already_owned.html

Who’s behind these attacks? Besides the automation courtesy of botnets, the short answer is everyone with a decent SQL injector, and today’s SQL injectors have a built-in reconnaissance capabilities, links:

http://ddanchev.blogspot.com/2007/07/sql-injection-through-search-engines.html
http://ddanchev.blogspot.com/2007/05/google-hacking-for-vulnerabilities.html

polonus

And don’t we know it as the web shield is all over it like a rash, problem is many sites simply refuse to believe they have been hacked and shoot the messenger instead.

There is at least one topic in the forums like that with a statement like your AV must be having a bad day.