(update: the infection number is over 6 million now as of Aug 3rd)
On July 24th, we published our initial report on this willysy mass injection incident, which at that time hit around 90,000 pages.
As of July 31th, Google shows more than 3,410,000 (willysy) + 386,000 (exero) = 3.8 million infected pages. Note this number is for individual infected pages, not sites or domains.
And so we've largely updated and reformatted (so new info appears at the front) the initial report, adding to it the infection number, source IP of attack, log entries, osCommerce vulnerabilities used, and more. Please go there and have a look, thanks!