Tastatura - 2:50 pm on Aug 10, 2008 (gmt 0)

Couple of days ago I also noticed this type of an attack on one of my sites (same/very similar signature). No damage that I can see. I read through this and other linked threads, and it really sounds like "script kiddies" are trying to do this. After decoding hex data, attempt on my site is trying to run javascript file coming from cn domain as well, but it's different then some listed in other threads. Using SEs I searched for source payload using
-"http://badsite.cn/dir/file.js"
-"dir/file.js"
-"file.js"
and can see that number of affected (and indexed) sites is rising by the day. Ofcourse payload file can be named anything but I was curious about this particular "strain" of file. For those of you wanting to play along at home search for w dot js in parenthesis.