What malware is here? It sure is a PHISH!

[polonus]

See: http://zulu.zscaler.com/submission/show/d50ea9479c9d9fd447604ea98d8bc299-1346518414  nothing detected
See: http://urlquery.net/report.php?id=118853
Flagged by Bitdefender's Traffic Light as unsafe.
Detected escaped characters above (, %3A, %3F, %26, %2B, %2F, %2B, %2F, %....) decodes to something like -> :?&+/+/+/+////++//==@#@@#@@#@@#@@#@@#@  and iFrame source: htxp://targetedtopic.com/sk-pxbrdg.php?rdiu≈ X55g%3ADD4vV4fY.JvVDQ%3FJPzGb%26UPKB5fNBf5%2BRfJ3Nf' width≈ 0 height≈ 0 frameborder≈ 0>
See: http://www.mywot.com/en/scorecard/targetedtopic.com?utm_source=addon&utm_content=popup-donuts
PHISHING malware domdex search retargeting, see WOT flags:
http://www.mywot.com/en/scorecard/domdex.com?utm_source=addon&utm_content=popup-donuts
known blacklisted scam site,

polonus

[Pondus]

sucuri dont like it .....so something is phishy   
http://sitecheck.sucuri.net/results/projectcamelot.204.197.91.208.internetmadesecure.com

[polonus]

Hi Pondus,

It is or was a JS/Kryptik.DA trojan download connection, it comes  in index.php &  wp-admin/index.php, and the hack has been with us since Nov. 2010,

polonus

[polonus]

This malware infects websites via a Joomla exploit. Interesting read here: http://forum.joomla.org/viewtopic.php?p=1671912 (poster bydosangel)

polonus

[Pondus]

Norman lab

At the time of analysis not found any hidden code, the page may be cleaned, we will monitor the page.