Net-Security has posted an article on the discovery of 132k+ sites that have been SQL Injected. From the article

"A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009."

The google search query string is here.

Read more: http://www.net-security.org/secworld.php?id=8604