What is Nikjju mass injection campaign? We are being protected by avast!

What it is read here: http://blog.sucuri.net/2012/04/nikjju-mass-injection-campaign-150k-sites-compromised.html
It is a mass Sql Injection.

See here: http://zulu.zscaler.com/submission/show/8673d20aeae2995934b1aaf0ad50daa0-1346187642
and here: http://urlquery.net/report.php?id=149742
https://www.virustotal.com/url/b05dd74378bf9fd0ce99e5845d727945e78105607ac1177d46fe6fb5f33ab6da/analysis/1346187730/
JS/Agent.gbk.1 found

Risky URLs found in: http://www.worksafe.org.in/forum/replycomments.aspx?id=50

1: htxp://www1.mainglobilisi.com/sl.php Google Safe Browsing diagnostic page for htxp://www1.mainglobilisi.com/sl.php
2: htxp://uhijku.com/r.php Google Safe Browsing diagnostic page for htxp://uhijku.com/r.php
3: htxp://skdjui.com/r.php Google Safe Browsing diagnostic page for htxp://skdjui.com/r.php
4: htxp://nmmkmm.com/r.php Google Safe Browsing diagnostic page for htxp://nmmkmm.com/r.php

Domain blacklisted by Google Safe Browsing: worksafe dot org in -
Domain blacklisted By Yandex (via Sophos): worksafe dot org.in -
Javascript malware see: http://sitecheck.sucuri.net/results/www.worksafe.org.in/
malicious software contains of 11 exploits…

Malware also known as TR/Barys.23775894, still active and detected by avast as MSIL:Agent-PL [Spy]

polonus

And here sgl injection script had to be replaced: GET /sl.php HTTP/1.1
Host: wXw1.mainglobilisi.com (*sslcert11.com)
see for malware there: http://www.google.com/safebrowsing/diagnostic?site=mainglobilisi.com/&hl=nl
5 exploits, 2 trojans, 1 scripting exploit. also detected by NetSec IP Control by Conrad Longmore aka Dynamoo
Also see Dynamoo;s Blog: http://blog.dynamoo.com/2012/07/something-evil-on-19428115150.html
http://blog.dynamoo.com/2012/08/malware-sites-to-block-on-19428115150.html
http://blog.dynamoo.com/2012/08/yet-more-malware-sites-to-block-on.html

polonus