I ran across one of these in one of my own posts last week, advertising a poker site in German. I’ve also seen them on two other sites since then (I alerted the owners). I’m running the latest version of WordPress, so it appears to be a current exploit.
As nearly as I can tell, the NOSCRIPT tags keep the ads from being seen by any browser that has Javascript enabled, but spiders that rank links will still “count” them. So the spammers are getting their popularity artificially inflated.
I find it odd that they appear to be so sporadic; I’d assume that once a vulnerable site was found the spammers would inject their code into most of its posts, but that doesn’t seem to be the case.
