A massive SQL injection attack is hitting numerous web sites, spreading fast across the web, and BetaNews reported today that it may have compromised as many as a million sites by this afternoon.
The new attack, called LizaMoon, is a “scareware” attack that directs users to a web site that tells them their computers are infected with malware, then attempts to sell them a fake anti-virus program. SQL injections work by injecting scripts into a SQL Server database which adds it to the web sites. You can read more about it here: