See here: http://ninjafirewall.com/malware/index.php?threat=2013-04-02.01
and
http://www.nonumber.nl/forum/NoNumberExtensionManager/11206-update-of-framework-plugin (reply posted by Peter van Westen (admin)
See: http://urlquery.net/report.php?id=2064082 IDS for ET POLICY Maxmind geoip check to /app/geoip.js → http://doc.emergingthreats.net/bin/view/Main/2015878 → credits to Gmane reporting trojan activity with this: http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/17952

polonus

Well the only reason it is being abused (if this exploit is a year old) surely is the lack of security awareness of web-masters and hosts not keeping their content management software updated.

Hi DavidR,

Certainly this is one of the main reasons why websites get compromised - namely outdated and non patched website software.
But there are also other things that could get hopelessly wrong with for instance plug-in abuse on Joomla, see this example discussed here:
http://blog.sucuri.net/2013/04/when-good-plugins-go-bad-seo-spam-on-joomla-sites.html (link article author = Daniel Cid)

polonus

Another instance: http://urlquery.net/report.php?id=2088586
avast! Network Shield blocks effectively as URL:Mal
So we are being protected against offending IP going to htxp://199.201.123.83/ with IP fraud ET POLICY Maxmind geoip check to /app/geoip.js

polonus