A large-scale SQL injection attack has hit 132,000 Websites as of today. The attack loads malware from 318x.com, installs a rootkit-enabled version of the Buzuz backdoor Trojan. The affected Websites include the City of Iowa and The Yemen Times. About half of antivirus vendors — 22 of 40 — can detect this attack so far, according to VirusTotal. The attack does not use a PDF exploit, but rather a mix of Adobe Flash Player, Microsoft Office Web Components, Microsoft ActiveX, Internet Explorer exploits.”]
Source: https://www.darkreading.com/attacks-breaches/some-132k-websites-hit-by-new-sql-injection-attack