Hundreds of WorPress blogs hosted on shared servers were compromised over the
weekend and had malicious code injected into their pages. A detailed analysis of
the affected sites uncovered instructions to hide the attack from Google's web
crawler.
The obfuscated JavaScript code injected into the footer.php script was first
spotted on blogs hosted at Dreamhost; however, it soon spread to other hosting
companies as well. "The initial reports today were restricted only to Dreamhost,
but now we are seeing the same pattern on blogs hosted at GoDaddy, Bluehost,
Media temple and other places," Sucuri Security Labs, a provider of web
integrity monitoring services, announced on Friday.