Thanks again for everyones input - Id like to say again - Im sorry if I in any way implied this is a MOD-X specific exploit... it is NOT! - the last thing I want to do is upset the support and use of the great framework that is ModX
A bulletin update regarding this exploit was released by adobe on June 4 - the same day as my original post, scarily enough:
http://www.adobe.com/support/security/bulletins/apsb09-06.html
Steven, from your post, am I right in concluding from what you say that disabling Javascript in Adobe will also disable the exploit? Or, once the exploit is resident, there is a vulnerability until the local machine is cleaned (either by finding the virus or formatting the drive)?
I say this as I have run Sophos, Antivirus, Norton, AVG, Avast, Spybot S&D, Spyware Doctor and Adaware without any success in hunting down the trojan in question.
Separately, am I right in saying that the actual site hosted does not have the trojan/dropper/exploit resident itself, rather a script / code redirection (either through iframes or javascript injection - and image / SWF Flash injection in some circumstances) to the trojan and / or marketing scam sites, etc?
Thanks again,
Dan.