A thorough search of the server for any files with 'baby' in the name has revealed quite a few, they have all been removed from the sites and the backups. We will continue to monitor the files for any more. Meanwhile the server administrator is checking the log files for any sign of intrusion and will report back soon.
The server has been checked over and we will continue to monitor in case of any further occurrences.
OK, we are looking into this now.
All baby liss files have been deleted and a vulnerability has been found through the FCKeditor used on one of the site. This editor has been removed and a check is being carried out to see if there are any more FCKeditors in use on the machine. They will be removed if found.
I greatly appreciate the timely actions of Mr. Ashton! The same hackers who abused his network had also heavily spammed a forum I like (the anti-spam group InBoxRevenge.com) with links to the previously listed scam webpages.
Please accept my best wishes.