Bitdefender labs have just stumbled upon a website that presents extreme dangers to users, infecting systems with Zbot. Once accessed, the site opens an apparently innocent HTML page (Trojan.JS.QOS). The simple Please wait page is loading content hides a tricky JavaScript that redirects users to another malicious JavaScript. This second JavaScript file is called js.js and is stored in a folder with a randomly generated name. It appears this malicious JS file has been planted on a multitude of servers that host otherwise clean websites.”]
Source: https://www.bitdefender.com/blog/hotforsecurity/banker-trojan-zbot-allies-with-well-known-exploit/