Monday, 17 March 2014
Injection attack in progress 17/3/14
These are hosted on 220.127.116.11 and 18.104.22.168 respectively.
The malware is resistant to automated tools and redirects improperly-formed attempt to analyse it to Bing  . The malware is appended to hacked .js files on target sites and looks similar to this:
This sort of attack has been used to push fake software updates in the past. Even though I can't quite get to the bottom of this at the moment, you can be pretty sure that this is Nothing Good and I would recommend blocking these domains.