Those were used in the first batch of attacks that happened a few weeks (months) ago:
Details about the malware:
For hosting providers/security companies: Block the IP address 220.127.116.11 – (it is hosting all those sites).
Name: Alex Bodrov
Address: Polubotka 19-10
Province/state: Chernigov region
Postal Code: 34586
Name: Alexandr Borisenko
Address: Polubotka 81-38
Province/state: Kiev region
Postal Code: 45675
We will post more details as we learn them.
If your site is hacked and you need help, visit http://sucuri.net to learn about our malware removal and monitoring plans.