Reports have reached us of a fresh SQL injection attack that has compromised many websites. A Google search of the malicious iframes used in the attacks nets over 100,000 hits:
As is typical, the initial iframes lead to HTML pages, which load iframes containing obfuscated JavaScript, which then attempts to exploit the unfortunate visitor. A successful exploit leads to a download of a malware of the Buzus family.
We already detect the malware binary as Trojan.Generic.2823971 with our latest Internet Security 2010 databases and as Trojan.Win32.Buzus.croo in our other products.