Has anyone ever come across this: http://www.esuli.it/index.php/2009/03/24/adsttnmq1sdioyslkjs2-attack/
We use a third party hosting provider to host our clients Web Sites. They run h-Sphere. They're claiming that the code injected into our sites was done by a Virus on one of our machines which harvested FTP details. There's nothing in their logs that shows any of our IP Addresses uploading the malicious scripts. They have admitted it came from an IP Address in China.
It's a shared hosting server and I was able to check other Web Sites on this server, that aren't on our account and in no way associated with us, and they all had the same malicious code on their page HTML source too.
I'm very interested as to whether this is a vulnerable Web Server or an outbreak like Gumblar.