$zend_framework crack

Watch out for a new server infection.  No one is sure but it is thought it begins with brute force guessing of a wordpress login.

Then every php file is prepended with:

...

This apparently inserts a malicious snippet of java into your wordpress pages - that you do not see but which infects the user's computer.

At the same time, blank users are created for wp-admin with "administrator" privileges.

Since every #$*! .php file on your host is infected with this, you either have to restore from a clean backup or run a script that opens every .php file and replaces the malicious code.

Then you need to go in and remove the blank users from wp-admin.

If anyone has any more information on this and guesses as to what the initial vulnerability is, please reply.

If you need a script to do this, msg me.