I had the same issue – using Hostroute in the UK. The problem is not just restricted to WordPress; this affected an installation of my podcasting script, WordPress and also LimeSurvey – none of which were linked from any external site or WordPress; they do not exist online apart from a direct URL that I know about. However, they too had code modified with the same base64 encoding information.
I also found a ‘timthumb’ exploit in mine?
Scanned and re-installed, and contacted the host too, as all files affected contain the following words in the file names:
- config
- functions
- index
- view