I manage a few servers I built for customers.. they had that happen also, but it wasnt the server and site that was hacked... but the adware system that was installed. As soon as you hit the site, it would want you to download an executable..which was a virus. Once I removed the "adware banners" software, cleaned up the database where adware banners kept its data, it was all good.
OpenX by any chance?
OpenX had a nasty Cross-Site Request Forgery vulnerability that's being exploited:
http://www.infosecisland.com/blogview/21172-OpenX-CSRF-Vulnerability-Being-Actively-Exploited.htmlHowever at least aminet incident wasn't case of OpenX banner since the actual site served the malicious javascript.
