One main reason why this happened is because of Bryan running an incredibly out dated version of WordPress. Lunduke was running WordPress version 2.9.1, and the current version is 3.4.1. Since then, many issues have been corrected, and exploits have been fixed as well.
Despite Bryan’s rant – ‘Google doesn’t want people to know about better software’ , this was not Google claiming that Illumination Software Creator was malware, nor was it a false positive or mistake by Google, but an automated detection of a compromised site.
What happened was a code injection, as stated earlier. The JS would then load a iframe hidden, then remove it from the code. Chrome users were still able to see the hidden iframe code, so they saw what happened.
Malicious software was hosted on 1 domain(s), including dynapass.ru. 1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including sqqkemzgshwnkkrk.waw.pl/
Google’s “How did this happen?”:
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message
The particular malware that has infested his site appears to be related to some vulnerabilities in Plesk , that were fixed in February 2012 and July 2012 that allowed the automated script to compromise his site and modify the files to inject the iframe.
I posted this today to show you all that it is very important to have up to date server software, as well client software/machines that access that server. This exploit was caused by having an outdated version of WordPress. The newest version has fixed these exploits.
