I have been monitoring one of the latest injection hack attempts since early July. The attack is pervasive and appears to be powered through one or several of the larger Botnets. The attack, whether successful or not is not hard to miss. It shows up as a rather lengthy piece of hexadecimal code in your server logs with the visible commands DECLARE, SET and CAST.

Watch your server logs for something like this: ;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0×4445434C415245204054207661726368617228323535292C404320766 17263686172

I've written a brief article about the subject with the decoded injection and the js from the originating site in China: douhunqn.cn. I also include .htaccess info for preventing the attack.

Read the article here