Source: The Register
by John Leyden
In this article “Malware-flingers are taking advantage of vulnerable WordPress sites as part of an attack ultimately designed to spread an information-stealing botnet agent.
Cybercrooks begin the attack by planting malicious scripts on vulnerable sites. Prospective marks are then lured to compromised sites via spammed messages that purport to come from known legitimate sources including Better Business Bureau and LinkedIn, among others. The crooks use social engineering tactics to entice unsuspecting users to click the link found in the email.”