A new SQL injection hack has topped more than one million infected sites with viewers directed to a site selling bogus anti-virus software.
The so-called ‘Lilupophilupop’ attack involves hacking the SQL database servers running on web server machines in what’s known as an SQL injection attack.
SANS Internet Storm Center security researcher Mark Hofman first documented the attack and pointed out that websites worldwide including over 25,000 in the UK back in December were already infected by the attack.
Treatpost pointed out threat there are "dozens" of SQL attacks going on at any one time but more than a million infected by one variant "commands some attention."