Moreover, it does not only redirect users to spammer websites but also infects the user computer with a malware and virus that steals any stored password from the FTP client and uses that to attack the sites. It is advised to use an Antivirus for your PC if you have none. Nod32 was able to detect the malware right away and blocks me from visiting the infected websites as well as the Google search engine result. I did not test it with other Antivirus software’s.
The whois info of the rogue website nikjju.com revealed that it was registered in China on April 1, 2012 using BizCn.com as the registrar. 18 days just after the domain was registered it already has already infected 180,000 urls.
The Mass SQL injection according to Sucuri is similar to the LizaMoon Mass SQL injection which uses ur.php to hide the malware that as of this time, there are still sites being infected.
To find out if you’re site is compromised you can run a test using Sucuri SiteCheck to check.