This attack uses .htaccess to redirect users to a site serving malware (or spam). In some cases, the index.php is also modified to do the redirection as well.
Loads malware from (18.104.22.168):
Any type of web site (no specific target).
Clean up and details:
Remove offending code from .htaccess and/or index.php.