I just found a similar crack that was implemented as a “graphic” file, but in reality it was a php script named “lnu_php.jpg”. Looking at the code in this script, I found it is fully capable of allowing the cracker to access and modify any file on the system that Php has access to.
Being an image file extension, it would be really easy to have had a link to it embedded in any number of files to cause it to “re-infect” upon loading, and who really looks for extra image tags?
Note that the site I found this crack on does NOT run WordPress, but is a not-for-profit site I occasionally do tech support for, so it isn’t a WordPress specific problem.
HTH!
