automated generic aspnet/mssql injection droppers

Earlier this month a wave of IIS/ web sites were popped via SQL injection and started serving out malicious files. Most of the attention was given to the 0day Adobe Flash exploit being used, among other methods. But I’m interested more in the initial attack (being that my developers code in The initial attack was an automated attack to find vulnerable SQL injection targets, poke around enough in the MS-SQL backend to find locations to inject, and then inject page data.

The links below give good info on the first half of this wave of attacks: attacking the server/app.