See: hxtp://vscan.urlvoid.com/analysis/6de0918546ab04350c83ab152a575a51/aW5kZXg=/
and htxps://www.virustotal.com/file/6bc7cb20bd5347240c24dc5302ca4928818dfaabd88b3d1cc1f905cc167b84c7/analysis/
site scan: htxps://www.virustotal.com/url/5551a6f591241ea2e0830e41a1a44c472ef272ad3c84389c7a35a62ddccd1c8d/analysis/1330008685/
ip source = frame src='htxp://grbmulcq.ddns.info/stds/go.php?s see for this XSS attack code, also seen at pastebin on on Febr. 23rd, 2012:
htxp://jsunpack.jeek.org/?report=c7e0d95c89373d438f272cd1d6b77c5bdf54848b [visit last mentioned link only if security savvy,
with ample script protection and sandboxed],
reported to virus AT avast dot com, for webmasters a Malware Script Attack Fix for this is available here:
http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html (link post author = paolo)
polonus