I have a client that had a number of sites infected on a dedicated server. At first I thought is was some coding issues but not being able to find the entry point the client changed some coding on the infected site. This client has about 80 or so websites on their server.
More of the sites became infected in different folders all were .js folders with redirects to a downloader. I stopped the ones infected in IIS until we could figure out what was going on.
The host came back and said it looks like the Plesk interface has a weakness that is the entry point. Doing some research it looks like many other host using Plesk have also been hit.
Thought I would post this so others using Plesk can check their sites and make sure if there is a patch get it updated ASAP.
I am moving the client to a new server and doing away with plesk interface.
I don't have anything to do with that end with this client they didn't want to pay me for this. After this they have added my fees to help maintain the server side end so at least it helped me add to my income. :)