Yes you assume correctly about Rachel's as yet not very used blog.
Just to let you know, the malicious code is also on the default theme too, and I just noticed it in the html of the webalizer pages! Midphase promise they will look into this and, as I reverted to their one button instalation of wordpress which you rightly point out is only very 2.6.1, they will also be doing a system wide update of wordpress too.
My problem is that speaking to their tech support is painful as they seem unable to grasp what is going on. I'm having conversations that go something like this..
MP "So you installed a script and it has a virus?"
Me "No, no. There is a script at the footer of the HTML which appears to be malicious."
MP. Oh, ok I see now."
Me. "Great, so what do you suppose I can do about this?"
MP. "Well sir, if you don't want it you could try uninstalling it."
When I deleted everything, I used FTP and I blanked the whole lot. I then ran their 1 button install which reinstalled everything from new. My guess at this stage is that this is something at there end.
In the meantime, it's a long shot, but I poinsed the code that has been added maliciously to the site. I changed the call from 'function' to 'funtoin'. That's probably a waste of time, but I wondered if maybe this was being added manually and if so then a glance at that probably wouldn't catch the typo. - Yeah I know, silly idea.
If Midphase don't get on top of this before the weekend I will tell them we're moving to a new host.