torson - 6:44 pm on Mar 14, 2007 (gmt 0)

I had the same problem, with two hacked sites with java redirects to a russian site. The IP that changed the the files on my domains was from the US. Two different domains hosted by two different providers with very strong passwords. Both domains have only static html pages with no database like mysql, no fileupload and no php. I think someone installed badware on my workstation and read the local ftp password database of the ftp programm or was listning to my ftp connection. I´m using a firewall and a antivirus software on that workstation. So it wasn´t a attack to the server, it was an attack to my workstation.
BTW Not only sites with badware on their will get the harm sign, also sites that link to a page with badware on a different domain.