Description: Code used to insert a malicious javascript into many sites hosted at Rackspace and Mediatemple.
Loads malware from (all of them pointing to 91.193.194.155)
http://google-analytisc.co.cc
http://oiwdd.co.cc
http://pojdue.co.cc
http://js-o-kcjh.cz.cc/21
Infection: It infects PHP or javascript files. Only wordpress sites are infected. More details here: http://blog.sucuri.net/2011/01/malware-update-co-cc.html
Clean up: Contact support@sucuri.net for help.
Malware dump:
document.write(unescape('%3C%73%63%72%69%70%74%20%73%72...