I am hosting a WP blog for a friend and she just told me that a friend of hers went to the site and got a computer virus from it. Nonsense, I said, there's no way that can happen.
So I fired up Virtual PC (I'm on a Mac as is the friend who is the owner of the site, the person who got the virus is on Windows machine) went to the site and it instantly started downloading crazily. I immediately tried to shut it down and now my Virtual PC installation which is never used for anything but testing local sites has a trojan horse virus (66 viruses found) and a whole host of spyware including a desktop picture that won't go away now.
Is it possible that this came from the WP site? I immediately updated to the newest version of WordPress, but it seems that it's still there. I've checked the MySQL database and there doesn't seem to be anything too weird, but this is the only install I've ever done of WordPress, so I don't know too much about it.
I'm hesitant to put the address here as I don't want to be responsible for ruining anyone's computer, but I'm really desparate to figure out what's going on here. The site is womenofthecloth.org PLEASE don't go there unless you have a serious anti-virus program running.
A few hours ago I would have called myself crazy for thinking this could happen -- I guess I get too spoiled and lax in my Macintosh world.
Any help or ideas would be great.