One of many SQL injection attacks is getting some blogger attention, largely due to generic searches on the malware domain name. The malicious iframe on the compromised site is:

script src=http://ww.robint.us/u.js

Search on the full iframe with quotes and you get about 7k hits in Google. But search on just the domain name or omit the quotes and you get over a million hits. That's because the more generic search picks up any page that mentions the domain or includes any mix of those keywords. This loosely constructed search mistake causes some to believe the attack is much larger than it really is.

Certainly 7k Web pages compromised is nothing to sneeze at but it's certainly not a million pages and certainly nothing new - many of these same compromised pages have been repeatedly compromised in one SQL injection attack after another since 2007.

On a more positive note, when SQL injection attacks first went mainstream a few years back, it wasn't uncommon to see a million+ pages compromised in a single attack. From that perspective, 7k is a vast improvement and shows that at least many sites are paying attention and taking the appropriate security measures. On the downside, attacks like robint.us are just one of over a thousand unique attacks carried out via the Web each month.