The system appears to have been compromised using SQL injection. Starting in
January of 2008, more than 500,000 websites were compromised using stored or
blind SQL injection vulnerabilities. The purpose of these attacks has been to
who visit the site using known browser vulnerabilities.
The SQL injection hack manifests itself as HTML <script> references
to known malware domains, including "nmidahena.com", "aspder.com", "nihaorr1.com",
and "winzipices.cn". The list of known malware hosting domains continues to grow
over time, although the injection techniques remain the same.