I used to see this a long time ago but with the 404 error (missing file/page/image, etc.).
The hack was to create a specific malicious 404 error page and edit the normal home page (or any other) inserting a link to a non existent page/image, etc. triggering the malicious 404 page.
I just wonder if there isn’t something similar going on here.
Description: Malicious scripts injected to Magneto (and other e-commerce) site that try to steal pyament details and site credentials from website forms. Typically the hijack login and checkout forms and send entered data to a remote third-party site controled by the attackers. Sometime the script may redirect online shoppers to fake checkout pages.
Script injection malcode, thank you DavidR and Pondus for putting the detection-cherry on the cake.
The proof of the pudding is indeed in the eating, but we had to taste it first…
For the moment I get here with the 403 error
403 Forbidden
Forbidden
You don't have permission to access / on this server.
Apache Server at -aw-snap.info Port 80
VT gives as clean: -http://aw-snap.info/wp-content/redleg_sm.ico,
somehow the connection is not encrypted and not secure.
So Redleg has some cleansing to do on his own website analysis website ;D