Wordpress blog infected – redirect to trojan website
So I've recently come across a problem with a few Wordpress blogs (none were version 3.0.0 however), when you visited the site for the first time, it would redirect you to a website that asks to install antivirus software (ofcourse this is a trojan)
The tricky part is, that if you are the site owned, it will NOT be visible to you. Unless you have the habbit of clearing your cookies. What the hack did was modify the wp_posts (or other prefixes) table, and modify the post_content by placing
<script src="xxxxxxxxxxxxxx"></script">
at the end of the line (of course, xxxxx is a URL which I have removed because of security reasons). So, if you are experiencing the same problem, go into your database, and see if you see a <script in your _posts table, in the post_content field.
What does the script do? Well is basicly comes down to his
- The script determines if you have visited the website already (by looking through your cookies)
- If you have already visited the website, it will just show you the normal page (so if you are the site owner you won't notice if your site has been affected if you don't clear your cookies)
- If you haven't visisted the website, if will redirect you (through a tinyurl)
I fixed it by backing up the database, then dropping the _posts table , editing the sql for the _posts table , and did a replace all on the <script .. problems were solved after this.
I hope this helps some of you 
