My friend Neil has a pretty good post on the mass SQL injection stuff that was reported in the press recently.

http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx