Hi malware fighters,
Read here: Rackspace, Mediatemple and Bluehost.
Description:This encoded javascript loads malware from:
*.myads.name/system/caption.js
*.adsnet.biz/system/caption.js
*.toolbarcom.org/system/caption.js
*.mybar.us/system/caption.js
*.freead.name/system/caption.js
bl.prshow.org/js/in.js
bl.pqshow.org/js/in.js
bl2.prshow.org/js/in.js
bl2.pqshow.org/js/in.js
*.ipwn.ws
And some sub domains within it: “vagi.”,“vain.”,“vale.”,“vars.”,“vary.”,“vasa.”,“vaut.”, “vavs.”,“viny.”,“viol.”,“vrow.”,“vugs.”,“vuln.”
Affecting: Any web site (common on Wordpress and Joomla) hosted at Rackspace, Mediatemple and Bluehost.
Malcode JS see attached picture
polonus