Massive SQL injection attack has compromised nearly 200,000 ASP.Net sites

19.10.2011

The attack is targeting users whose default browser language is English, French, German, Italian, Polish or Breton. One of the sites accessed via the iframe is in Russia, the other is in the United States and is hosted by HostForWeb.com, Armorize says. Some of the planted malware accesses a site hosted in the United States, too.

Microsoft has been offering ASP.Net programmers information on how to protect against SQL injection attacks since at least 2005. In an article on that discusses preventing SQL injection attacks with SQL 2008 R2, Microsoft says, "Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker."
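One case the quoted warning covers is a stored procedure that takes a parameter but then concatenates it into dynamic SQL. The T-SQL below is an added example, not code from this article or from Microsoft's documentation; the table `dbo.Products` and both procedure names are hypothetical.

```sql
-- Constructed example: dbo.Products and the procedure names are hypothetical.

-- Weak: @name arrives as a parameter, but the procedure pastes it into a
-- string and executes that string, so the value is parsed as SQL text.
CREATE PROCEDURE dbo.SearchProducts_Dynamic
    @name nvarchar(100)
AS
BEGIN
    DECLARE @sql nvarchar(max) =
        N'SELECT ProductId, Name FROM dbo.Products WHERE Name LIKE ''%'
        + @name + N'%''';
    EXEC (@sql);
END;
GO

-- Hardened: the statement text is a constant and the value is passed to
-- sp_executesql as a typed parameter, so it is only ever treated as data.
CREATE PROCEDURE dbo.SearchProducts_Bound
    @name nvarchar(100)
AS
BEGIN
    EXEC sp_executesql
        N'SELECT ProductId, Name FROM dbo.Products
          WHERE Name LIKE N''%'' + @p + N''%''',
        N'@p nvarchar(100)',
        @p = @name;
END;
GO

-- Review aid: list modules whose definition builds or executes dynamic SQL,
-- so each one can be read by hand for concatenated input.
SELECT OBJECT_SCHEMA_NAME(m.object_id) AS schema_name,
       OBJECT_NAME(m.object_id)        AS object_name
FROM sys.sql_modules AS m
WHERE m.definition LIKE N'%EXEC%(%'
   OR m.definition LIKE N'%sp_executesql%'
ORDER BY schema_name, object_name;
```

The review query over-matches on purpose: a hit means the module needs reading, not that it is vulnerable.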

Companies running ASP.Net websites should validate that they have not become unwitting hosts of this latest attack.

Julie Bort is the editor of Network World's Microsoft Subnet and Open Source Subnet communities. She writes the and blogs. Follow Bort on @Julie188.
