Web sites hit by the “winzipices.cn” SQL injection attack have their web page contents modified to point to malware that is automatically downloaded by any visitor to the site. These sites are all vulnerable to SQL injection (or have recently been vulnerable) and were hacked by this automated hacker toolkit. In addition, by executing a Google search on the malware server name, hackers can find sites that have been already been exploited.
According to Microsoft, there’s no patch to fix the issue — the vulnerability lies in custom ASP code that fails to follow well-established security practices for handling database input. Also, according to Microsoft, if your site has been affected, you will need to restore your database from a clean backup copy and start reviewing your code to make sure all input is properly sanitized.