The site was down from about 6:45 to 9 due to malware. This time we:
1. Took the site down immediately. Malware had been up about 10 minutes, I think.
2. Identified the offending script.
3. Locked down that directory so that it will run nothing.
Never say never but we did a much better job this time around and have identified the offending vulnerability to deal with it, something we had issues with before. The offending directory is one of the areas users can upload to, of which there are no others, and we've just shut off any ability for someone to execute in it.
Sorry for anyone who got hit in that brief window. We are just about at the point where this should not happen again, I think.