Is your WP blog spreading a “drop-by” virus?

WP bloggers beware! There’s a new malware that is attacking WP blogs and secretly infecting them with a java script trojan — JS:Illredir-B [Trj] While it has other effects, the most malicious appears to be dumping the virus into any new posts one makes, spreading it to one’s readership.

Avast anti-virus is finally catching up with it and will alert bloggers of its presence when you attempt to post. But Avast doesn’t fix the problem, which is in the WP code on your server.

This trojan seems to be associated with siszyd32.exe, a virus first identified on 7 December. FreeFix [WinPatrol too] will tell you if it’s on your computer –while Freefix claims to be able to delete it, I’m not sure of that. I finally had to reformat my hard disk. And I still haven’t found a way to kill the script in the post.php functions of WP. Any ideas about that?