http://blogs.technet.com/robert_hensing/archive/2008/10/23/mass-sql-injection-the-chinese-way.aspxThe blog pretty much speaks for itself: http://www.circleid.com/posts/20081022_sql_injection_attacks_chinese_way/ Client-side browser vulns are of little use without an effective way of spreading them to the victims - unfortunately - it's still relativelyen-USCommunityServer 2.1 SP1 (Build: 61025.2)