Hello, I'm using the latest WordPres 2.9.2 and today I noticed a nasty advertisment on my blog. Because my blog normally is free of advertisment I have decided to look for the problem.
I found a place in my "footer.php" (from my template) where a foreign code was inserted. This code included a file file from "/wp-includes/" called "wp-vars.php". I opened this file in my editor and noticed that the code in there was encrypted with Zend. I also found a file called "wp-version.php" in the same place which has the function of decrypting something with a base64 algorithm. This looked very suspicious to me so I deleted these files. This was really helpful because afterwards the nasty advertisment on my page was removed.
But as I tried to write a new post on my blog I have noticed another terrible thing... I only get a blank page with a WordPress copyright footer if I try to access "/wp-admin/post-new.php". I searched the web to get some information about this problem and I found some more bloggers who also have this problem. It seems to be a very new problem because all of them had this injection within the last two days and all of them use the latest WordPress version.
You can see the blog-posts about this problem here:
Has somebody already noticed this problem, too?
Many Greetings from Germany