This is a conditional malware that uses a compromised web site to infect anyone
visiting the site using the Phoenix exploit kit (specially Windows users).
More details here too: http://blog.sucuri.net/2012/08/wordpress-pluggable-php-being-compromised.html
Affecting: WordPress sites.
Clean up: Malware is hidden at the wp-includes/pluggable.php.
Last update: Aug/2012