What it is read here: http://blog.sucuri.net/2012/04/nikjju-mass-injection-campaign-150k-sites-compromised.html
It is a mass Sql Injection.
See here: http://zulu.zscaler.com/submission/show/8673d20aeae2995934b1aaf0ad50daa0-1346187642
and here: http://urlquery.net/report.php?id=149742
https://www.virustotal.com/url/b05dd74378bf9fd0ce99e5845d727945e78105607ac1177d46fe6fb5f33ab6da/analysis/1346187730/
JS/Agent.gbk.1 found
Risky URLs found in: http://www.worksafe.org.in/forum/replycomments.aspx?id=50
1: htxp://www1.mainglobilisi.com/sl.php Google Safe Browsing diagnostic page for htxp://www1.mainglobilisi.com/sl.php
2: htxp://uhijku.com/r.php Google Safe Browsing diagnostic page for htxp://uhijku.com/r.php
3: htxp://skdjui.com/r.php Google Safe Browsing diagnostic page for htxp://skdjui.com/r.php
4: htxp://nmmkmm.com/r.php Google Safe Browsing diagnostic page for htxp://nmmkmm.com/r.php
Domain blacklisted by Google Safe Browsing: worksafe dot org in -
Domain blacklisted By Yandex (via Sophos): worksafe dot org.in -
Javascript malware see: http://sitecheck.sucuri.net/results/www.worksafe.org.in/
malicious software contains of 11 exploits…
Malware also known as TR/Barys.23775894, still active and detected by avast as MSIL:Agent-PL [Spy]
polonus