I just got information from my friend that one of biggest financial provider AXA Financial, their website was injected with JS:Illredir-CB [Trj].
avast! was detected there is 3 location was infected :
avast! [YANTOCHIANG-PC]: File “http://wxw.axa.co.id/DropDownMenuX.js” is infected by “JS:Illredir-CB [Trj]” virus.
“%3” task used
Version of current VPS file is 100607-2, 06/08/2010
avast! [YANTOCHIANG-PC]: File “http://wxw.axa.co.id/ie5.js” is infected by “JS:Illredir-CB [Trj]” virus.
“%3” task used
Version of current VPS file is 100607-2, 06/08/2010
avast! [YANTOCHIANG-PC]: File “http://wxw.axa.co.id/” is infected by “JS:Illredir-CB [Trj]” virus.
“%3” task used
Version of current VPS file is 100607-2, 06/08/2010
And from the summary website scanning tool, this website got suspicious category :
Make the links in your first posting so they cannot be clicked through, suspicious links should be written with wxw or htxp so the curious cannot click them and get themselves infested with malware.
If you analyze there, as kubecj pointed out to us, you would get a drop-down from here: wXw.axa.co.id/DropDownMenuX.js
to CreateElement here: hxtp://surechip.ru:8080/google.com/google.co.ve/digitalpoint.com.php
Empty source - Could not connect to site?