Description: Javascript included and used to distribute malware on WordPress sites. Also known as the crazymasya.com or inlovebot malware.
Domains used: (all inside the 91.217.162.0/24 network):
http://crazymasya.com/vip.php?s=1
http://inlovebot.com/vip.php?s=1
Affecting: Any WordPress sites at Rackspace / Mediatemple
Clean up: Malware is not hidden and a search / replace should fix it. Contact b>support@sucuri.net</b if you have questions or want us to clean it up for you.
Malware dump:
function dyeSunk(khiWort,wortKhi){this.nudeDye=0.001;....