Buzzo theme and nasty files appear at the same time on my server…

This morning I found that the Buzzo theme had appeared in my wordpress installation. I did not download it.

Four other randomly named (and unfriendly) files were placed on the server in various directories (exploit not yet fully identified – see more below). This all happened at the same time.

I note that the Buzzo wordpress theme page shows a big spike in downloads today.

Is this theme malicious, or is someone attempting to give it a bit more news time by hacking people installations and installing it?

My main pages had a search box injected into them at the top of the page – which is how I noticed the issue initially.

I think the theme was installed via a file upload compromise, but I cannot confirm that. One of the randomly name files that appeared tested for file upload ability before a huge amount of eval and obfuscated code was injected somewhere… Alas I don’t have the files as they were promptly deleted by server admins. I was only able to view them momentarily before the server admins killed them.

Keep your eyes open on this one… Hopefully this topic helps someone…