Hackers?

[twintone]

People need to chill on immediately blaming your host. A host can not prevent someone from logging into your FTP account when they have the valid username and password! If you find this code on one of your sites, the first thing you need to do is change your password.

The problem is not with your host. Albeit possible that you have an exploit in a script, and they are dumping the code in that way. You still can't blame your host for that.

The far better chance is you have a Trojan key logger on your PC or PCs that you use to access your FTP account.

The key logger dumps your key strokes to an ICQ channel, and they have a bot that filters out the info they want. They then embed their code in your index files in attempt to infect more people.

Why do they do this? To feed their botnet. This is just a massive botnet ring. The code that is in your html will actually infect you and surfers with 2 Trojans. One to key log all your info, and another is a backdoor to control your PC. So you too can be part of their massive botnet.

I bet you anything if you SSH into your machine, and do a last | grep [username] you will see a login from an IP that is not yours.

Download this AVS http://www.avast.com/eng/download-avast-home.html (it is free) and scan your machine in "safe mode". You will find you have a Trojan that your current AVS is not picking up.

Just on a side note. Norton AV is the biggest piece of shit on the planet, and WILL NOT find this Trojan. I would suggest getting rid of Norton immediately. It is truly garbage. http://en.wikipedia.org/wiki/Norton...irus#Criticisms

We are 100% confident from our research, and running a honeypot for a few months that Avast WILL find this Trojan. I am sure there is other AVS that will, but we know for sure Avast will, and Norton will NOT.

Good luck with it. It has been something we have seen, and have been investigating since Sep 2006.