Web servers getting hacked seems to be somewhat common these days depending on their exposure, though it was still a bit of a shock to read that an estimated 500,000 sites have been compromised in a short period of time. F-Secure is reporting that a large number of sites have been compromised through a massive SQL injection exploit. While others reports claim the source of the problem is IIS (Internet Information Services), the nature of SQL injection makes it possible for many types of servers to become infected.
It seems the actual problem lies within poorly designed web pages, something that is pretty hard to fix on a worldwide scale. As far as individual users are concerned, the danger is when clicking on links that have been added on otherwise trusted websites as part of the exploit, obviously without the site administrators knowing about it.