Hi Pondus,
Thanks for the conformation of this being malware.
As always it is valuable additional information you are providing,
site also had been part of the Nosferatu malware campaign:
re; http://research.zscaler.com/2011/03/webfusion-nosferatu-seofakeav-campaign.html (article source Zscaler blog, March 7 last)
because we see code with this link going here:
hxtp://www.liveinternet.ru/click
re: http://wepawet.iseclab.org/view.php?hash=002700232da58542a52a8771c574383d&t=1305320485&type=js
Damian