See: http://killmalware.com/laurocat.com/#

How it was being performed on Joomla sites: http://forum.joomla.org/viewtopic.php?f=432&t=705216&start=180 (info credits: nem2ace
Here the malware was found in 404testpage4525d2fdc redirecting to:
htxp://med-nais.ru/sunreal?9

Site infected with known javascript malware: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Flaurocat.com%2F
see: http://labs.sucuri.net/db/malware/mw-redir-fakeav533

pol