server side script
The script is server-side; it's PHP which means it'll happily reside on *nix servers... and in all probability it's (cheap) *nix hosts that have been targeted. That does not mean it will affect *nix clients however - it simply uses PHP to glean some information about the user's system, looking for known vulnerabilities - as the story states - initially in Adobe software and then MS vulns.
Unless you're doing something seriously daft, you should be safe under *nix (depending on payload). Under windows, noscript _may_ prevent the attack if it happens to be blocking Flash at the time of viewing a compromised site. If. however, it's a site that you've already white-listed, all bets are off... and that's assuming you've got Windows itself patched up to date.
My money is on an FTP breach - there have been a few in recent months, primarily targeting the cheap *nix hosting market - it seems to be something in the way the hosting companies have their systems set-up (open or anonymous FTP access - no IP address restrictions) - using keyloggers was the first "explanation" uttered (e.g. it's not our fault, it's yours for not securing your PC) but it could be packet sniffing or brute force... whatever.
This recent spate of cracks have normally resulted in .htaccess uploads (full of Mod Rewrite redirects) - it was only a matter of time before someone combined something genuinely dangerous with these breaches.
Biting the hand that feeds IT
