The Register is reporting that determined hackers have injected malicious code into pages on supposedly reputable web sites. The compromised pages were attacked via SQL injection - this is typically where content posted from forms or via querystrings in
URLs isn't properly checked before it gets near a database with hilarious consequences.
It's been a known issue for years and used to be a sure sign of sloppy coding. It isn't restricted to Windows servers as the article suggests.
Then again in these brave, user-generated content times - if you allow users to post links to favourite sites - how are you supposed to prevent them from linking to dodgy items?
Users unfortunate enough to visit the infected pages will be redirected to sites that attempt to exploit known vulnerabilities. Probably a good time to make sure your machine is patched and up to date.
More on The Register