According to the SANS Internet Storm Center, the lilupophilupop SQL injection attack has now infected more than a million sites.

"The attack was first identified and disclosed by researchers at the SANS Internet Storm Center back in early December, and at the time there were only a few thousand infected pages," writes Threatpost's Dennis Fisher.

"'Sources of the attack vary, it is automated and spreading fairly rapidly. The trail of the files ends up on 'adobeflash page' or fake AV. Blocking access to the lilupophilupop site will prevent infection of clients should they hit an infected site and be redirected,' Mark Hofman of the SANS ISC wrote in the initial analysis of the attack," Fisher writes.

Go to "Lilupophilupop SQL Injection Attack Tops 1 Million Infected URLs" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.