Yeah, presumably the one godaddy account got hijacked, then used as a host for the malicious file.

A good reminder that anyone's low-profile website may not seem a tempting target, but it's still very much at risk.