Background: Several pages on MetaFilter last night had a script tag pointing to an h.js file on tejary.net. I was going to post this as a comment, but the website was taken down.
Hopefully this helps someone:
h.js is a file that writes an iframe when executed, an iframe pointing to kodim.net’s faq.htm.
The count49 JS file also looks for two cookies: cck_lasttime and cck_count, which don’t seem specific to MetaFilter. If they don’t exist, the JS creates them. If they do exist, it increments cck_count and updates cck_lasttime.
I would cautiously say that there’s no attempt to steal user data here, with the massive grain of salt in that I’ve only spent five minutes looking at this for the fun of it. However, the fact they did manage to get into MetaFilter is worrying.