Half a Million Microsoft-Powered Sites Hit With SQL Injection
Slashdot posted a link to an article yesterday regarding a recent attack on approximately 500,000 websites via SQL injection that seems to be limited to Microsoft's IIS webserver.
According to Bill Sisk, Microsoft's Trustworthy Computing Response Communications Manager:
"Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov."
For details, see WIRED.