One of my client's sites was previously infected with malware as well (as reported by Google Chrome when you try to access the site).
I found out that code was padded at the end of the index file as well as all .js files. I replaced those files & the malware kept coming back after a while.
I then changed the FTP password & updated those files again. The malware no longer came back.
So I conclude it's an FTP password leak.
If you've ever sat in a Wi-Fi enabled cafe snooping on traffic, you can easily see how someone can get the FTP password that way.
This post has been edited by wodenus: Jul 19 2012, 07:37 PM
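For the reinfection pattern described above (code padded onto the end of the index file and every .js file), here is one way to spot it early. This is an added example, not code from the thread; it assumes a known-good copy of the site is kept outside the web root, and `find_tampered`, `demo` and the sample files are hypothetical names and constructed data.

```python
import tempfile
from pathlib import Path

def find_tampered(baseline: Path, live: Path, patterns=("index.*", "*.js")):
    """Compare live files with the clean copies; return {relative path: verdict}."""
    findings = {}
    for pattern in patterns:
        for clean in baseline.rglob(pattern):
            rel = clean.relative_to(baseline)
            target = live / rel
            if not target.is_file():
                findings[rel.as_posix()] = "missing"
                continue
            good, now = clean.read_bytes(), target.read_bytes()
            if good == now:
                continue
            if now.startswith(good):
                # Clean content intact, extra bytes on the end: the padding case.
                findings[rel.as_posix()] = f"appended:{len(now) - len(good)}"
            else:
                findings[rel.as_posix()] = "modified"
    return findings

def demo():
    """Build a constructed baseline and live tree, then scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        base, live = Path(tmp, "baseline"), Path(tmp, "live")
        for root in (base, live):
            (root / "js").mkdir(parents=True)
            (root / "index.html").write_bytes(b"<html><body>hi</body></html>\n")
            (root / "js" / "app.js").write_bytes(b"console.log('app');\n")
            (root / "js" / "menu.js").write_bytes(b"console.log('menu');\n")
        # Constructed stand-in for the code padded onto the end of the files.
        tail = b"/* constructed placeholder for injected code */\n"
        for name in ("index.html", "js/app.js"):
            with open(live / name, "ab") as fh:
                fh.write(tail)
        return find_tampered(base, live)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(path, verdict)
```

Run on a schedule, a check like this reports a reinfection as soon as files change again, which also shows whether rotating the FTP password actually closed the entry point.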