It prevents a user visiting those sites from getting compromised.

However, the spread if this is via SQL injection, so as long as those sites are insecure, it will keep going..

The first paragraph of the article notes that this is spread by SQL injection, which is something that happens on the server. Noscript works on the browser.