WordPress Code Injections – A New Threat

One of my clients has a rather popular sports site on based on WordPress. The site is up-to-date and running on DV server. A few weeks ago malicious code starting to appear on the site setting off warnings from anti-virus programs that monitor websites. Sometimes, entire files are uploaded that contain malicious scripts. Most of the time, however, JavaScripts are appended to existing PHP or HTML files. One of the favorite targets is the WordPress index file (index.php). A self-executing JavaScript is added after the closing ?> tag. How they append the file is a bit of a mystery as permissions are correctly set at 644. The purpose of the malicious code seems to vary. Some code attempts to spread worms/trojans, steal passwords, or re-direct to spam sites (meds).