There’s a major SQL injection attack under way that has compromised tens of thousands of machines, and possibly hundreds of thousands. It uses SQL injection to update the databases behind victim sites (all MS-SQL-based so far; no others reported yet) so that the links on a victim site all point to a URL infected with malware.
The URL serves malicious JavaScript that runs and attacks a certain version of RealPlayer, giving the attacker the ability to run arbitrary code on the client machine.
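For site owners checking whether their stored content was rewritten this way, here is an added example (not code from the original post) that audits exported text columns for `href`/`src` targets on hosts outside an allowlist and flags any host that shows up across a large share of rows. The allowlist, the `(table, pk, column, text)` row shape, the 50% threshold, the function names and the sample rows are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumption: hosts this site legitimately links to.
ALLOWED_HOSTS = {"www.example.com", "example.com"}

# href/src attribute values, quoted or unquoted, in stored HTML fragments.
URL_ATTR = re.compile(r"""\b(?:href|src)\s*=\s*["']?([^"'\s>]+)""", re.I)

def offsite_hosts(html, allowed=ALLOWED_HOSTS):
    """Return the set of non-allowlisted hosts referenced by href/src."""
    hosts = set()
    for url in URL_ATTR.findall(html or ""):
        try:
            host = urlparse(url).hostname  # None for relative URLs
        except ValueError:                 # malformed authority part
            continue
        if host and host not in allowed:
            hosts.add(host)
    return hosts

def audit_rows(rows, allowed=ALLOWED_HOSTS, share=0.5):
    """rows: (table, pk, column, text). Returns (findings, suspect_hosts).

    A host is suspect when at least `share` of all rows reference it,
    the pattern left when an injected update rewrites every link.
    """
    findings, per_host, total = [], Counter(), 0
    for table, pk, column, text in rows:
        total += 1
        for host in sorted(offsite_hosts(text, allowed)):
            findings.append((table, pk, column, host))
            per_host[host] += 1
    suspects = sorted(h for h, n in per_host.items() if n / total >= share)
    return findings, suspects

# Constructed sample rows (placeholder hosts, not taken from the incident).
SAMPLE_ROWS = [
    ("articles", 1, "body", '<a href="/news/1">News</a>'),
    ("articles", 2, "body", "Title<script src=http://injected.example.net/a.js></script>"),
    ("articles", 3, "body", '<a href="http://injected.example.net/a.js">More</a>'),
    ("products", 7, "descr", '<a href="https://partner.example.org/">P</a>'
                             '<script src="//injected.example.net/a.js"></script>'),
]

if __name__ == "__main__":
    findings, suspects = audit_rows(SAMPLE_ROWS)
    for row in findings:
        print(row)
    print("suspect hosts:", suspects)
```

A single off-site link (the partner host in the sample) is reported but not flagged as suspect; the same host repeated across most rows is.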