Avast flags the dropper here as VBS:Agent-KZ [Trj]!

Malicious: https://www.virustotal.com/nl/url/abddaf8d854647ded5f1ee9535a5a3eeb27166662c809e3f0df923aca83535b3/analysis/1417712923/
and http://killmalware.com/madagascarbiodiversity.net/
Flagged by avast: https://www.virustotal.com/nl/file/e558fdf8e59856746d477eaa5af026c4bd419319ab6007a3a3bd5ed3be8617a6/analysis/
/index.html
Severity: Malicious
Reason: Detected malicious drive-by-download attack
Details: http://sucuri.net/malware/entry/MW:DEFACED:01

Details: Malicious obfuscated JavaScript threatWeb site defaced.
Offset: 4058
Threat dump: See http://www.uploady.com/#!/download/j~e~oBz9sW5/oFGvqQsSUECrlS8A
Threat dump MD5: 4667FB094040103F5F964564346C0007
File size[byte]: 234296
File type: ASCII
Page/File MD5: D2C670980F2E0CF4D6BC40DAF27C8793
Scan duration[sec]: 0.017000
Virus will attach code to every .html file! like → http://www.commentcamarche.net/faq/30960-comment-se-debarrasser-de-ramnit
IDS alert given at urlquery dot net scan: ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution
This service has been discontinued: GET /app/easyInline.swf HTTP/1.1
Host: hdapp1003-a.akamaihd dot net → https://www.virustotal.com/nl/file/2db66da9a8f62e3a926e3f9269bb2d103f5b2f06018634e193dce934c3a15ce0/analysis/

Related to this attack? → http://www.coresecurity.com/content/e107-cms-script-command-injection
IP badness history: https://www.virustotal.com/nl/ip-address/208.113.175.192/information/

polonus