We are tracking for the last few days a large scale attack against osCommerce sites. First, it started as an SQL injection using willysy.com and exero.eu to distribute the malware, but now it expanded to use 1see.ir/j/ as well.
This is what shows on an infected site:
Sucuri identifies those type of web-based malware as: http://sucuri.net/malware/malware-entry-mwjs1241 and you can get more details in there as well.
Our support team can clean it up for you if you are infected. Sign up with us here: http://sucuri.net/signup and we will get it sorted out pretty quickly.
If you have any question, let us know (firstname.lastname@example.org).