[bDok]

94.247.2.195/jquery.js

in the html source of the sites I'm seeing it as unescaped. In my activity window I see it resolving to actually 94.247.2.195/jquery.js. I just saw it on two submitters today. So I'm thinking possibly all their sites are infested with it. I don't believe it to be them. Most likely a weak link at some place in their setup. I'm going to send a message out to the submitters, but wondering if anyone else has seen this and how did they proceed.

I only noticed too because they sites were taking awhile to load. So I popped open the activity window. Ugh. I just can't imagine these submitters are actually going to fix all their freesites. So most likely I'll be trashing a bunch. Too bad too because they were pretty decent sites.

So yea. Anyone else see this yet? Now I feel I need to write some code to scan all my sites for document.write code in the html source. Fun for tomorrow at some point.