I’ve had an unconfirmed report that the SQL Storm attacks are now also affecting ASP.Net pages, specifically with a URL of http://www.chliyi.com/m.js (this appears to be offline currently but I wouldn’t suggest browsing there…) being injected into those pages. My team hasn’t worked on any incidents yet so I can’t confirm that it is the same issue; however, it certainly looks very similar.
This is a good time for me to remind everybody that Microsoft does provide no-cost support in the case of a security incident. If you’ve been affected, you can call 1-866-PCSAFETY in the United States & Canada. Outside of that area, refer to http://support.microsoft.com/common/international.aspx?rdpath=4 to find the right contact information.
(Thanks to Erwin Geirnaert for the heads-up.)