which site did you spot check?
That file is one I must have missed from whne the site was hacked, back in march. We cleaned it, i must have missed that one. I should not be accessible.
This is a new incident, started happening two days ago. Nothing on my pages looks out of place, there is an iframe pushing a redirect JS, and its not coming from inside my site.
Looking at that file, it was a remnant of the TimThumb Wordpress hack. That was a clumsy attack that left malformed html all over the place. It was easy to find and remove. We missed one file but it had been rendered inaccessible. This is a lot more sophisticated, it only injects intermittently, and it seems to exclude some IP addresses from being attacked.