First, not all sites or pages that show up in Google dorks are in fact still infected. The reason is that they didn't indicate to Google that they were the owners of the domain, and Google didn't come back after the clean-up.
But it does show that these sites were injected with this kind of script, that they maybe haven't reviewed their security policies, and that they can be abused again in the future.
If you read the post on the Internet Storm Center, it is interesting that those infections were for the moment not only very professional but also didn't load any malware... until when? When you take into consideration that the site in question is on the list of the Zeus botnet command and control servers, you can only assume that they were building a new network for a new attack (linked to spam that would have sent their users to these pages on these normal, trustworthy, popular websites of popular magazines). Or that some of the network has been disbanded or taken over and that they couldn't get access to their infected 'sleeping cells' (terrorism language).
And this advice you should post on your wall somewhere:
"SQL injection is bad and something people need to avoid by developing web applications safely. There are some tips for this:
- Sanitize input data: Input entered from the user should not contain any SQL sentences or commands at all. Check for good data by validating for type, length, format, and range.
- Use stored procedures: Your web application should have predetermined SQL sentences for data access. If the user requests some specific information, the application invokes the specific stored procedure, so there is no possibility of crafting a dynamic SQL request.
- Use an account with restricted permissions in the database. You should only grant execute permissions to selected stored procedures in the database and provide no direct table access.
- Avoid disclosing database error information. Make sure you do not disclose detailed error messages to the user, because detailed error information shows the attacker where to check if the attack was unsuccessful."
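To make the quoted tips concrete, here is an added example (not part of the original post or of the ISC advice) that puts a dynamically built query next to a validated, predetermined one. It uses Python's built-in sqlite3 module with a constructed `articles` table; all table, column and function names are hypothetical, and because SQLite has no stored procedures or accounts, a fixed parameterized statement stands in for the stored procedure.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, section TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO articles (section, title) VALUES (?, ?)",
        [("news", "Budget vote"), ("sport", "Cup final"), ("drafts", "Unpublished")],
    )
    return db

def titles_dynamic(db, section):
    # Weak form: user input is concatenated into the SQL text, so a quote
    # character in `section` changes the structure of the statement, and
    # database errors propagate to the caller unfiltered.
    sql = "SELECT title FROM articles WHERE section = '" + section + "'"
    return [row[0] for row in db.execute(sql)]

def titles_bound_only(db, section):
    # Predetermined statement: the value is bound as data, never parsed as SQL.
    rows = db.execute("SELECT title FROM articles WHERE section = ?", (section,))
    return [row[0] for row in rows]

SECTION_RE = re.compile(r"[a-z]{1,20}")  # format and length the field may have

def titles_safe(db, section):
    # Sanitize input: check type, length and format before touching the database.
    if not isinstance(section, str) or not SECTION_RE.fullmatch(section):
        return {"ok": False, "error": "invalid request"}
    try:
        return {"ok": True, "titles": titles_bound_only(db, section)}
    except sqlite3.Error:
        # Avoid disclosing error detail: it belongs in the server log,
        # the user only gets a generic message.
        return {"ok": False, "error": "request failed"}
```

On a real database server the restricted-account tip still applies on top of this: the application login would be granted only what these fixed statements need.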