Finding that malware iframes is being installed in several JS files as well as some WP files such as wp-login.php, wp-login.php?action=register
The malware is also preventing all WordPress auto updates including core package updates, theme installation, and plugin updates from version 3.3.1. (meaning can't auto update from 3.3.1 to 3.3.2)
I'm noticing this happening across several WordPress sites that i'm running. They're also installing it through several theme JS files as well...and doesn't seem to be specific to a particular theme. I'm guessing once they're in they're able to modify whatever files share the same access level.
I should add i'm using: http://sitecheck.sucuri.net/scanner/ to check for the Malware.