Protip: If you normally log in to a website via HTML forms and you suddenly get some javascript type prompt to log in, suspect a trap.
On a related note, everyone should add the following domains to any kind of filtering/blocking they might have (your hosts files ideally, though keep in mind that hosts files are extremely specific, so make sure to add the domains both with and without the www. part); mec-salzburg.at and cifl.de The hacker is currently using the salzburg domain for his hacking and has used the cifl one in the past, blocking these will help protect you from his attacks, even on other sites (at least until he starts using a new domain).