Guys I must say this was excellent post and folks helping each other out.
I having been upgrading this year from 3.x everytime to latest 3.0.1
Well it seems the wordpress blogs on Media Temple are the targets.
The Exploit checks if this WP blog then it initialzes bunch of arrays with base64 encoded strings i think.
So perfect way to enable Javascript inject on your webpages as well as allowing it to download on reader’s computer malicious script which mostly IE folks will fall pray.
@dd@sucuri.net and @eveevans
Can’t thank enough Guy.
You guys are great and solved my problem.
I cleaned up my .htaccess and removed PE*.php files from all domains and the error message went away.
@dd@sucuri.net
Thanks a lot. This was infact the issue. By cleaning the .htaccess at media temple and delete PE*.PHP files the error message goes away.
Thanks a lot.
