See: http://killmalware.com/keti.com.pl/#
See: https://www.virustotal.com/nl/url/a397e5187de659401913e6f7847e5638bab5a554d4dd87c5fa886e00b102713a/analysis/
Blacklisted: http://www.google.com/safebrowsing/diagnostic?site=keti.com.pl
Website Malware mwjs-iframe-injected530?v27 htxp://keti.com.pl/wp/wp-includes/js/json2.min.js?ver=2011-02-23 ( View Payload )
The malcode at hand: http://jsunpack.jeek.org/?report=95a4cc1dd8b8fa005c1509439b05e50686d8e436
For security research only, open up in browser with noScript extension active and inside a VM/sandbox.
Theme and attack:
http://themeforest.net/item/dynamix-business-corporate-wordpress-theme/113901/comments?page=181

polonus