Topic: Potential sites vulnerable for the wp-includes exploit..

Offline polonus

Hi malware fighters,

Thousands of sites were thus attacked.
Search with Google for inurl:wp-includes, or rather look here:
http://tassc.org/blog/wp-includes/
All the sites infected were using the latest WP version and had a PHP script injection inside their wp-includes dir.
The script name is random, and it does two things:

1. For a search engine, it shows a set of keywords (cialis, viagra, movie downloads, etc.).
2. Normal users coming from Google are redirected to a website with malicious software or to another website to receive more spam.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
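
A defensive check for the injection described in the post, added here as an example and not part of the original thread: because the injected script's name is random, it compares the live wp-includes directory against a clean copy of the same WordPress release instead of searching by filename, and it reports any added or changed file, not only PHP. The function names, directory layout and sample files (including `qzkx81.php`) are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in root.rglob("*") if p.is_file()}

def audit_wp_includes(clean_dir, live_dir):
    """Compare a live wp-includes tree with a clean copy of the same release.

    Returns (added, modified): files present only on the live site, and
    files whose content differs from the clean copy.
    """
    clean, live = manifest(clean_dir), manifest(live_dir)
    added = sorted(f for f in live if f not in clean)
    modified = sorted(f for f in live if f in clean and live[f] != clean[f])
    return added, modified

def build_sample_trees(base):
    """Constructed sample data: a clean tree and a live tree with one extra
    script and one altered core file."""
    base = Path(base)
    clean, live = base / "clean", base / "live"
    for root in (clean, live):
        (root / "js").mkdir(parents=True)
        (root / "version.php").write_text("<?php $wp_version = 'X.Y';\n")
        (root / "js" / "util.js").write_text("// core js\n")
    # Randomly named file standing in for the injected script (placeholder body).
    (live / "qzkx81.php").write_text("<?php /* placeholder for injected script */\n")
    (live / "version.php").write_text("<?php $wp_version = 'X.Y'; /* altered */\n")
    return clean, live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = build_sample_trees(tmp)
        added, modified = audit_wp_includes(clean, live)
        print("added:", added)
        print("modified:", modified)
```

On a real site, `clean_dir` would be the wp-includes directory unpacked from the official archive of the exact version the site runs.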