Large Hosting Providers Targeted by Malware

It appears that large hosting companies such as Aruba and GoDaddy have been under direct and targeted attack by malicious software distributors for the past few weeks. The attacks that have succeeded so far involve script injection, obfuscation, and string manipulation, and they target index files.

A file named ferdy_simonette.php was reportedly found in one provider’s hosting and sub-directories. This file was being analyzed at the time of this writing, and it could be named randomly or differently in each case. If you are a customer of one of the above providers and your website was infected, it’s enough to remove the malware script. Twitter.com is being used to support the malicious scripts’ execution.

The end result or intended outcome of the malware is not clear at the moment, and the damage may be well contained, but the avenue of attack that was successful and WHY it was successful need to be addressed.

SecurityFocus-BugTraq
