Is your site fully patched? You may check at system -> configuration -> Design -> footer -> Miscellaneous HTML for any suspicious script.
Please refer following post https://community.magento.com/t5/Magento-1-x-Technical-Issues/HELP-site-hacked/m-p/19304#M1501 it has links to Magento best practices and other precautions which can help you keep your site secured.
Yep, fully patched. And behind a firewall. And the admin login was obfuscated and IP restricted.
And "System -> Configuration -> Design -> Header -> Miscellaneous HTML" was exactly where the script was placed.
I've found a similar code in php placed in the mage.php file. I think this happened shortly after I hired a "reputable" company to do some work for me on Magento. I'm not sure if its related or them or not, but it seems the file was accessed via ftp.