ATTENTION: IGIT Related Posts With Thumb Image After Posts version 3.9.7 with WordPress 3.2.1 is vulnerable to phpRemoteView Attack. 2 of client's site were compromised recently. We checked it thoroughly and found IGIT plugin is the source of injection. Here’s the hack [malicious code]
[removed code] injected into index.php. Also in wp-admin, there were 2 suspicious files 'common.php' 'udp.php' there.
We have cleaned the index.php, deleted those suspicious files and removed the whole IGIT plugin and things come back to normal.
I am posting it here if it would be of any help of anyone in future.