Researchers at the Sans Institute said that the huge number of hacks appears to be the work of a single malicious bot program.
The bot automatically travels from site to site, executing the SQL attack and inserting specially obfuscated code into the page.
Researchers were able to decipher the code left by the bot, which redirects users to a separate site which then attempts to run a number of exploits.
"I saw the very same attack in November last year, but it was not this widespread," wrote Sans researcher Bojan Zdrnja in a blog posting.
"It appears that the attacker improved the crawling/attacking function of his bot so he managed to compromise more websites."
Researchers also found that users were being directed to one of the sites being used to host an attack targeting a flaw in RealPlayer and attempting to exploit flaws in Internet Explorer.
The US Computer Emergency Response Team has urged users to mitigate the risk of attack by updating to the latest version of RealPlayer and limiting ActiveX controls on Internet Explorer.
Zdrnja said that administrators can protect against the attack by putting a proxy or web application firewall in place.
SQL attack hits thousands of sites
By Shaun Nichols on Jan 14, 2008 6:55AM