US-CERT is aware of widespread SQL injection attacks compromising websites across all sectors.  The compromised sites have been modified to include a reference to a malicious JavaScript file. When a user unknowingly visits a compromised site, they are silently re-directed to a series of malicious web pages that attempt to exploit multiple client-side vulnerabilities in a number of applications, including Internet Explorer and RealPlayer.

More information regarding this security risk may be found in the following:

• Vulnerability Note VU#871673
• Sans.org Mass exploits with SQL Injection Document

• Update RealPlayer to the latest version
• Disable ActiveX as described in the Securing Your Web Browser document