Description: A suspicious javascript remote include or iframe call was identified in the site. It it used to load malware from a location there is commonly used by malware code. It is likely the site was compromised.
Common locations are malware loading from images/stories on Joomla or wp-content/uploads on WordPress.
httx://site.com/wp-content/uploads/2013/05/temp/s.php
.. many more variations..
Those are often used to redirect the browser to SEO spam sites via a TDS. However, since this is a generic rule, the malware can change from site to site.
Affecting: Any web site (no specific target).
Clean up: Nothing specific.
Last update: 2013/Oct
Malware dump: