We’ve been watching a specific WordPress infection for several months and would like to share details about it.

The attacks inject malicious JavaScript code into almost every .js file it can find. Previous versions of this malware injected only jquery.js files, but now we remove this code from hundreds of infected files. Due to a bug in the injector code, it also infects files whose extensions contain “.js” (such as .js.php or .json).

Continue reading WordPress Security – Unwanted Redirects via Infected JavaScript Files at Sucuri Blog.

Via Sucuri.net