An automated SQL injection attack has been detecting Web site errors, then injecting malicious scripts to turn the sites into an attack platform.

“The attacks, first detected in November by researchers at Web security vendor ScanSafe, are injecting malicious iFrames that install a backdoor Trojan,” writes Security Bytes’ Robert Westervelt. “The Trojan uses a malicious domain, 318x, to install malware including the Buzuz backdoor Trojan.”

“A later search found that nearly 300,000 Web sites may have been hit by the attack,” Westervelt writes. “It’s important to note that the attacks target any flawed Web site.”

Click here to read the Security Bytes story.