I've already mentioned this on the AVIEN blog, as it was an AVIEN member who first drew it to my attention, but a fairly dramatic SQL Injection attack has been flagged by the Internet Storm Center: it appears to resemble the lizamoon attack which was reported as affecting around a million sites earlier in the year.

Blocking the lilupophilupop.com site referenced in the injection string should prevent infection for the present, according to Mark Hofman, but there's much more information on the ISC diary entry - even the comments include some useful extra information.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow