Description: Malware javascript added to IIS sites via SQL injection.
Domains used:

http://alisa-carter.com/ur.php<br /> http://google-stats50.info/ur.php<br /> http://pop-stats.info/ur.php<br /> http://sol-stats.info/ur.php<br /> http://online-guest.info/ur.php<br /> http://google-stats48.info/ur.php<br /> http://multi-stats.info/ur.php<br /> http://nbnjkl.com/urchin.js<br /> http://jjghui.com/urchin.js<br /> And many others.
Details:
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-2677-inyahoo-js.html
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html


Affecting: Any IIS/ASP site.

Clean up: Revert back to your latest database backup or clean up each entry from their. Malware dump: <script src="http://alisa-carter.com/ur.ph..

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb