Except: how the hell did that get there? sucuri.net tells me that there is an outdated version of plesk running on that host, so I'll be contacting my web-hosting folks to have a look at that. And how long has it been sitting there? And what did it do to those who touched it?
The only vector to this directory that I can see would be through my web-host -- random passerby shouldn't be able to write into that directory. I, personally obviously didn't put it there intentionally. This makes me just a little be paranoid...
The most common way for websites to get infected is apparently by running a version of Plesk earlier than 11 - and your host was running Plesk 8 according to the virus scanners:
http://blog.unmaskparasites.com/2012/06/26/millions-of-website-passwords-stored-in-plain-text-in-plesk-panel/Notice your password is stored in cleartext, and until your host updates Plesk anybody will be able to retrieve it again - even if you change it.
As for what happens for people who visits the site, there is a description here:
http://blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/One of the online virus-scanners could actually decompress the Javascript on your 404 page, and the code was identical to the code in the link above. It would redirect to a URL (generated from random numbers, seeded with time) updated every 12 hours and fetching
http://URL/runforestrun?cid=botnet2The Blackhole exploit will look for client-side vulnarabilities in older browser version, and older Flash and Java, and Adobe PDF reader installations. It is apparently possible to commercially buy access and install whatever software pleases you on infected machines. The URL above hints that infected machines may be placed in botnets.
If you did see the 404 page, the best way to check if you are infected is by virus scanning.
Personally I also use the sysinternals tools to check my machine:
http://technet.microsoft.com/en-us/sysinternals/bb545027AutoRuns - to check which programs are executed at startup
RootkitRevealer
TcpView - to check if my machines has suspicious net connections