Author Topic: Avast flags the dropper here as VBS:Agent-KZ [Trj]!


polonus (Avast Überevangelist, malware fighter)
« on: December 04, 2014, 06:27:55 PM »
Malicious: https://www.virustotal.com/nl/url/abddaf8d854647ded5f1ee9535a5a3eeb27166662c809e3f0df923aca83535b3/analysis/1417712923/
and http://killmalware.com/madagascarbiodiversity.net/
Flagged by avast: https://www.virustotal.com/nl/file/e558fdf8e59856746d477eaa5af026c4bd419319ab6007a3a3bd5ed3be8617a6/analysis/
/index.html
Severity: Malicious
Reason: Detected malicious drive-by-download attack
Details: http://sucuri.net/malware/entry/MW:DEFACED:01
  <meta name="description" content="hacked by Killer~X  :~ twitter: ClaxHacK">
Details: Malicious obfuscated JavaScript threat. Web site defaced.
Offset: 4058
Threat dump: See http://www.uploady.com/#!/download/j~e~oBz9sW5/oFGvqQsSUECrlS8A
Threat dump MD5: 4667FB094040103F5F964564346C0007
File size [bytes]: 234296
File type: ASCII
Page/File MD5: D2C670980F2E0CF4D6BC40DAF27C8793
Scan duration [sec]: 0.017000
The virus will attach code to every .html file, like -> http://www.commentcamarche.net/faq/30960-comment-se-debarrasser-de-ramnit
IDS alert given at urlquery dot net scan: ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution
This service has been discontinued: GET /app/easyInline.swf HTTP/1.1
Host: hdapp1003-a.akamaihd dot net -> https://www.virustotal.com/nl/file/2db66da9a8f62e3a926e3f9269bb2d103f5b2f06018634e193dce934c3a15ce0/analysis/

Related to this attack? -> http://www.coresecurity.com/content/e107-cms-script-command-injection
IP badness history: https://www.virustotal.com/nl/ip-address/208.113.175.192/information/


polonus
« Last Edit: December 04, 2014, 06:37:03 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
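The post reports two things on the same site: a defacement signature in the page's meta description, and a worm that appends code to every .html file under the document root. A site owner cleaning up after this wants to find every affected file, not just index.html. The scanner below is an added example written for this thread, not code from the original post or from Avast. It walks a directory of HTML files and flags three indicators: the "hacked by" description tag quoted above, a `<script language=VBScript>` block, and any script tag appearing after the closing `</html>` (the assumption here is that an HTML-infecting worm appends its dropper after the legitimate end of the page). For the appended block it records an MD5 so the sample can be looked up the way the report above does. The three sample pages are constructed for the demonstration and contain no working dropper.

```python
import hashlib
import os
import re
import tempfile

# Indicators. The "hacked by" description tag is the one quoted in the post;
# the VBScript-after-</html> pattern is an assumption about how an
# HTML-infecting worm appends its dropper to every .html file.
DEFACEMENT_RE = re.compile(
    r'<meta[^>]+name=["\']description["\'][^>]+content=["\']([^"\']*hacked by[^"\']*)',
    re.IGNORECASE)
VBSCRIPT_TAG_RE = re.compile(r'<script[^>]*language\s*=\s*["\']?vbscript', re.IGNORECASE)
CLOSING_HTML_RE = re.compile(r'</html\s*>', re.IGNORECASE)
SCRIPT_TAG_RE = re.compile(r'<script\b', re.IGNORECASE)


def appended_block(text):
    """Return whatever follows the first </html>, stripped; '' if nothing follows."""
    m = CLOSING_HTML_RE.search(text)
    return text[m.end():].strip() if m else ''


def scan_html(text):
    """Return a list of (indicator, detail) tuples for one page's source."""
    findings = []
    m = DEFACEMENT_RE.search(text)
    if m:
        findings.append(('defacement_meta', m.group(1)))
    m = VBSCRIPT_TAG_RE.search(text)
    if m:
        findings.append(('vbscript_block', m.group(0)))
    tail = appended_block(text)
    if tail and SCRIPT_TAG_RE.search(tail):
        # Hash the appended block alone so it can be compared against a threat dump MD5.
        digest = hashlib.md5(tail.encode('utf-8', 'replace')).hexdigest().upper()
        findings.append(('script_after_html_close', digest))
    return findings


def scan_tree(root):
    """Walk a document root; return {relative path: findings} for flagged .html/.htm files."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(('.html', '.htm')):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding='utf-8', errors='replace') as fh:
                findings = scan_html(fh.read())
            if findings:
                results[os.path.relpath(path, root).replace(os.sep, '/')] = findings
    return results


# Constructed sample pages (hypothetical content, not taken from the defaced site).
CLEAN_HTML = ('<html><head><meta name="description" content="Madagascar biodiversity">'
              '</head><body><p>Hello</p></body></html>\n')

DEFACED_HTML = ('<html><head>\n'
                '<meta name="description" content="hacked by Killer~X  :~ twitter: ClaxHacK">\n'
                '</head><body><p>Hello</p></body></html>\n')

# A page with an inert VBScript block appended after </html>, the shape the
# post attributes to the worm; it does nothing if opened.
APPENDED_HTML = ('<html><head><title>news</title></head><body><p>Old news</p></body></html>\n'
                 '<SCRIPT Language=VBScript><!--\n'
                 'Set FSO = CreateObject("Scripting.FileSystemObject")\n'
                 "' payload removed for the example\n"
                 '--></SCRIPT>\n')

SAMPLES = {
    'index.html': CLEAN_HTML,
    'about.html': DEFACED_HTML,
    'news/old.htm': APPENDED_HTML,
}


def demo_scan():
    """Write the constructed samples into a temporary document root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, 'w', encoding='utf-8') as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == '__main__':
    for rel, findings in sorted(demo_scan().items()):
        for indicator, detail in findings:
            print(f'{rel}: {indicator}: {detail}')
```

Run it against a copy of the web root, not the live site, and treat a hit as a reason to restore from a known-clean backup: stripping the appended block from each file does nothing about the account or CMS hole that let the attacker write to every .html file in the first place.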