Originally Posted by ruff

I got hit with this a while back. I was using Filezilla without realizing my ftp passwords were unprotected. The malware is put on the site using an iframe and is apparently turned off and on by the hacker whenever he wants. Virtually impossible to detect unless you physically scan your html. Mine was placed just after the body tag. One of my sites infected a very pissed off member who dressed my ass down. My server admin cleaned everything up and I switched to CuteFTP and started password protecting my logins.