Shared publicly  - 
 
The Register summarizes the recent Avast report about WordPress blogs infected with/by BlackHole malware
https://blog.avast.com/2011/10/31/following-wordpress-into-a-blackhole/

...and for some reason they also mention my August post about WordPress blogs with malicious doorway pages that poisoned Google Image Search.
http://blog.unmaskparasites.com/2011/08/05/hacked-wordpress-blogs-poison-google-images/

OK, that was about WordPress and I also suspected TimThumb security hole there. But that was not BlackHole. That attack redirected visitors to Fake AV sites. So I doubt my advice to search for tainted .htaccess file is appropriate now. It won't hurt though :)

In my experience, on BlackHole infected sites you should be looking for injected scripts, both external and inline. This may also involve some obfuscated PHP code injected into .php files.

And of course, stolen FTP passwords and backdoor scripts are usually to blame.
3
Add a comment...