I'm not too sure of the real purpose of the hack.
It creates links on g00gle to Youtube like pages. At least I don't think they link to real Youtube pages.
It might be a fake site that tries to load malware on your PC. I didn't click the link to find out (call me "chicken" if you like).
Details of the hack that I have come across:
1. Seems to affect RC version sites where the admin hasn't been renamed and the admin isn't protected by a .htaccess file. Most likely victims of the "admin vulnerability" hack.
2. Creates these folders in the /catalog/images folder:
.cch/
.news/
Hidden folders full of html files used in the hack.
3. Other files I have found in most infected sites in the /catalog/images folder:
- news.php (hacker code)
- news.txt (record of g00glebot hits)
- news.dot (displays youtube like page)
- page.php (hacker code)
- sitemap.php (hacker code)
- .sys.php (hacker code)
- sites.txt (list of around 150 to 170 infected sites)
- style.css (stylesheet used in the hack)
- key.txt (key phrase list that appears on g00gle, like "Hot Video: <phrase here>")
- load.swf (swf file used in the hack)
It's been going on for at least a week. On most of the sites I visited where I could see the dates on the files, they were Aug. 15th of this year.
This would seem to be another affirmation to rename your admin and shelter it with a .htaccess file.
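
An added example, not part of the original post: a small Python check a shop owner could run against the /catalog/images folder for the folder and file names listed above. Flagging any other PHP file or dot-folder there goes beyond the post's list and assumes the folder should hold only images; the function name `scan_images_dir` and the default path are made up for illustration.

```python
import os
import sys

# Names reported in the post above, all found under /catalog/images.
REPORTED_DIRS = {".cch", ".news"}
REPORTED_FILES = {
    "news.php", "news.txt", "news.dot", "page.php", "sitemap.php",
    ".sys.php", "sites.txt", "style.css", "key.txt", "load.swf",
}


def scan_images_dir(images_dir):
    """Return sorted (relative_path, reason) pairs for suspicious entries."""
    findings = []
    for root, dirs, files in os.walk(images_dir):
        rel_root = os.path.relpath(root, images_dir)
        at_top = rel_root == "."
        for d in dirs:
            rel = os.path.normpath(os.path.join(rel_root, d))
            if at_top and d in REPORTED_DIRS:
                findings.append((rel, "reported hidden folder"))
            elif d.startswith("."):
                # Assumption: an images folder has no other dot-folders.
                findings.append((rel, "hidden folder"))
        for f in files:
            rel = os.path.normpath(os.path.join(rel_root, f))
            if at_top and f in REPORTED_FILES:
                findings.append((rel, "reported file name"))
            elif f.lower().endswith(".php"):
                # Assumption: no PHP belongs anywhere under images.
                findings.append((rel, "PHP file in images folder"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_images.py /path/to/catalog/images
    target = sys.argv[1] if len(sys.argv) > 1 else "catalog/images"
    hits = scan_images_dir(target)
    for rel, reason in hits:
        print(f"{reason}: {rel}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when anything is flagged, so it can be run from cron and alert on failure.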










