There is yet another large-scale injection attack going on right now, with nearly 200,000 pages affected so far. The compromised pages are serving visitors with malicious code that sends them off to a remote server for installation of malware. The attack is the latest in a series of similar campaigns in which criminals use various techniques often SQL injection to plant some malicious JavaScript on a large number of Web pages. That code either automatically redirects users to another site where some malware is hosted or tries to install malware on the visitor s machine itself.
Source: https://threatpost.com/mass-injection-attack-targets-aspnet-sites-101911/75773/