Links to a fake virus scan that recommended fake security software on lizamoon.com and 27 other domains were injected into up to 4m web pages between 29 March and 3 April.
Despite the widespread success of the SQL injection attacks, swift action by security firms has limited the number of victims, according to the BBC.
Security researchers believe only a small number of people followed the link and bought the fake software because the domains set up for the scam were shut down quickly and the sites compromised by attack were relatively low profile.
This is a SQL-injection attack, emphasises Jim Walter, manager of the McAfee Threat Intelligence Service.
"Before any of us blow our IT budgets on database security goodies, we must all take the basic first steps," he says in a blog post.
Walter recommends simple and core techniques, such as constraining user input, validating user input, limiting types of input, encrypting sensitive data, and designing accounts with the principle of least privilege.
This story was first published by Computer Weekly