Large-scale attack underway that is targeting Web servers running Microsoft s IIS software, injecting the sites with a specific malicious script. Attack has compromised tens of thousands of sites already, experts say. Attack appears to be a variation of the ever popular SQL injection, in which malicious hackers uses malformed commands in order to insert code on vulnerable Web sites. Once the site is compromised, the malicious code then attempts to compromise the machines of visitors to the site and install malware on their PCs, as well.
Source: https://threatpost.com/mass-sql-injection-attack-hits-sites-running-iis-061010/74088/

