Hi DavidR and Fluffydog,

Website software that caused the problem is PleskLin and the 0-day exploit. Read Brian Krebs story on this attack campaign: http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/
Read here: http://kb.parallels.com/en/113321
This malware from the same IP has been closed in the mean time: http://support.clean-mx.de/clean-mx/viruses?id=12065708

polonus