I've spotted an iframe tag inserted as the first line of many pages on this site. It tries to pull code from http://www.foresx.co.cc
It clobbered me earlier and I spent over an hour trying to remove infections. It's a particularly new exploit and not all tools recognize it yet. I should note I do this for a living so when I say it's resilient, I mean it!