Greenguy's Board


bDok 2009-04-28 03:19 AM

seeing this fake jquery.js file...anyone else?
 
94.247.2.195/jquery.js

In the HTML source of the sites I'm seeing it as unescaped. In my activity window I see it resolving to actually 94.247.2.195/jquery.js. I just saw it on two submitters today. So I'm thinking possibly all their sites are infested with it. I don't believe it to be them. Most likely a weak link at some place in their setup. I'm going to send a message out to the submitters, but wondering if anyone else has seen this and how did they proceed.

I only noticed too because their sites were taking a while to load. So I popped open the activity window. Ugh. I just can't imagine these submitters are actually going to fix all their freesites. So most likely I'll be trashing a bunch. Too bad too because they were pretty decent sites.

So yeah. Anyone else see this yet? Now I feel I need to write some code to scan all my sites for document.write code in the HTML source. Fun for tomorrow at some point.
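
An added example, not part of any post in this thread: a small Python scanner for the two markers described above, a script tag whose source host is a bare IP address and a document.write(unescape(...)) wrapper that hides one. The sample pages and the 192.0.2.10 address are constructed for illustration.

```python
import re
import sys
from urllib.parse import unquote

# <script ... src=...> whose host is a bare IPv4 address instead of a domain name
IP_SCRIPT = re.compile(
    r"""<script[^>]+src\s*=\s*["']?(?:https?:)?//(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?(/[^"'\s>]*)?""",
    re.IGNORECASE)
# document.write(unescape("...")) wrapper; group 2 is the escaped payload
WRITE_UNESCAPE = re.compile(
    r"""document\.write\s*\(\s*unescape\s*\(\s*(["'])(.*?)\1""",
    re.IGNORECASE | re.DOTALL)

def scan_html(text):
    """Return a list of (kind, detail) findings for one page's source."""
    findings = []
    for m in IP_SCRIPT.finditer(text):
        findings.append(("ip-script", m.group(1) + (m.group(2) or "")))
    for m in WRITE_UNESCAPE.finditer(text):
        # unquote() decodes %XX sequences; %uXXXX escapes are left as-is
        decoded = unquote(m.group(2))
        hidden = IP_SCRIPT.search(decoded)
        if hidden:
            findings.append(("escaped-ip-script",
                             hidden.group(1) + (hidden.group(2) or "")))
        else:
            # Not proof of infection, but worth a manual look
            findings.append(("write-unescape", decoded[:60]))
    return findings

# Constructed sample pages (192.0.2.10 is a documentation-only address)
INFECTED = ('<html><body><script>document.write(unescape('
            '"%3Cscript src=%22http://192.0.2.10/jquery.js%22%3E%3C/script%3E"'
            '))</script></body></html>')
PLAIN = '<script type="text/javascript" src="http://192.0.2.10/jquery.js"></script>'
CLEAN = '<script src="http://code.example.com/jquery.js"></script>'

if __name__ == "__main__":
    # Usage: python scan.py page1.html page2.html ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for kind, detail in scan_html(fh.read()):
                print(f"{path}: {kind}: {detail}")
```

A hit only flags a page for review; a legitimate site can load scripts from an IP address, so confirm against a known-good copy of the file.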

MadCat 2009-04-28 06:40 AM

I can't reach that site anymore or I'd take a look and see what's in there. It might also not be fake; jQuery's a JS library for user interface stuff, so someone might actually be using it. It's quite useful in that sense.

cd34 2009-04-28 09:26 AM

That is an exploit added to HTML and JavaScript by FTP. If you are seeing that, then the submitter's FTP account has been accessed.

There are about 4 different incarnations of it -- all resulting in the same end result. You'll also want to check any PHP file for code like this embedded right before the
Code:


Code: