Magento recently had to be updated. Avast! Web Shield is even alerting on this link for the malicious code on the magento website: htxp://stackoverflow.com/questions/13822419/clients-magento-website-contains-malicious-code-how-to-get-rid-of-it as infested with JS:iFrame-AGU[Trj]
This also played in May of this year and later so recently - Magento store can be hacked due to compromised FTP credentials, an insecure web host, a vulnerable extension, a weak password, or an outdated Magento installation. → http://blog.sucuri.net/2012/07/magento-security-update-1-7-0-2-zend_xmlrpc-vulnerability.html (also flagged by avast! Webshield as PHP:Backdoor-BG[Trj]
polonus