The attack has been dubbed LizaMoon because it uses a script hosted at lizamoon.com, a domain recently registered with fake contact information.
WebSense officials suggested the iTunes URLs were affected by attacking podcast publishers' RSS feeds, and noted that the way Apple encodes script tags prevents the scripts from running on the target computer.
In situations where it did run, the script redirected to "a well-known rogue AV site," they said.
Both the site hosting the script and the rogue Av site are now said to be unreachable.
SQL injection attacks rely on poor coding practices that allow commands to be executed by including them in strings such as search parameters. There have been suggestions that some of the affected sites were using third-party routines that were vulnerable to the attack.