Weblog entry #256 for simonw

SQL Injection sites
Posted by simonw on Wed 21 May 2008 at 20:01

The Shadow Server folk have compiled a list of sites used in recent automated SQL injection exploits.

Whilst the recent openssl issues in Debian have gathered a lot of attention, and comment, I do wonder if the focus of attention is appropriate to the threat. The openssl issue was embarrassing, yes, but the systems I managed were sorted promptly. The folks behind these SQL injection attacks must have compromised many sites, and many end user computers, and they left their fingerprints all over search engine results as an indicator of which sites are vulnerable. There is a strange psychology at work here.

I've noticed that UK sites, and especially UK government sites, seem to get cleaned up quick after these SQL injection attacks. I'm guessing GOVCERTUK or someone is earning their keep (wonder if they use Google alerts? ;-). Anyone know who it is keeping on top of this in the UK?

 
