Two Million and Counting
Those who have been following the SQL injection attacks will recognize b.js and m.js as the two most commonly used filenames for the first-stage malicious JavaScript rendered in the attacks. Searching Yahoo today for ".com/b.js" returned over 1.8 million results and ".com/m.js" returned 435,000. Adding "src=" to tighten the search results still netted over 2 million combined. And that doesn't factor in .cn, .net, and other domain suffixes used by the malware hosting domains.


Of course, search results can sometimes quickly peter out into something unrelated, so we looked as far through the results as Yahoo would allow - 100 pages or 1000 results total for each. In both cases, the search results for the last page allowed were as pertinent as the first page. Adding in keywords to gauge the impact on different categories of sites revealed the following results:
Government: 35,000
Hotel: 97,000
Travel: 88,000
Education: 25,000
Finance & Banking: 2,000
Mortgage: 15,000
It's worth noting that while government sites across the globe have been outfitted with the tell-tale malicious script references, government sites in Argentina were the hardest hit. It's also worth noting that while some of the script references were from older attacks, as we reported last week, some domain registrars are releasing suspended domains back to the attackers. Moreover, the continued presence of the references indicates the site owners are likely oblivious to the compromise and thus equally oblivious to the underlying deficiencies that exist within their security practices. In other words, the two million plus websites found in these searches are either actively trying to infect visitors or could begin actively trying to infect visitors at any time.
A very tangled, mangled Web, indeed.
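A check a site owner could run against their own rendered pages, added here as an example and not code from the original post: it flags script references named b.js or m.js that load from a host the site does not own. The sample page, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Filenames the article names as the most common first-stage scripts.
SUSPECT_NAMES = {"b.js", "m.js"}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag, quoted or not."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value.strip())

def find_suspect_scripts(html, own_hosts):
    """Return script URLs named b.js/m.js that load from a host we do not own."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        parsed = urlparse(src)
        host = parsed.hostname          # None for relative (same-site) URLs
        filename = parsed.path.rsplit("/", 1)[-1].lower()
        if host and host not in own_hosts and filename in SUSPECT_NAMES:
            hits.append(src)
    return hits

# Constructed sample: a page from www.example.org whose database-backed
# text fields have had foreign script tags appended to them.
SAMPLE_PAGE = """<html><head>
<script src="/static/m.js"></script>
<script src="https://www.example.org/js/b.js"></script>
</head><body>
<h1>Rooms</h1><p>Sea view<script src=http://injected.example.com/b.js></script></p>
<p>Suite<script src="//injected.example.net/M.JS"></script></p>
<script src="https://static.example.org/app.js"></script>
</body></html>"""

if __name__ == "__main__":
    for hit in find_suspect_scripts(SAMPLE_PAGE, {"www.example.org"}):
        print("foreign first-stage script reference:", hit)
```

A hit means the reference is stored somewhere in the site's content, so removing the tag from one page does not address the injection flaw that put it there.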

Mary Landesman