Just an update on the .htaccess redirection attacks that we have been tracking for the last few days (most of them redirecting to .ru domains).
These are some of the domains being used right now:
It is happening on WordPress and Joomla sites, but it can affect any website, since the attackers are getting access to sites via stolen passwords. Once in, they modify the .htaccess file to redirect users to malware domains (and search engines, for SEO). In some cases, the code is injected in the index.php file:
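As an added example (not code from the original post or from Sucuri), this is one way a site owner could audit an .htaccess file for redirects that leave their own hosts. The sample file, the `OWN_HOSTS` set, the `.invalid` target and the shape of the injected rule (conditions followed by an off-site `RewriteRule`) are constructed assumptions, since the post does not show the injected lines.

```python
import re

# Constructed sample: a stock WordPress block followed by an injected rule.
# The injected rule's shape is an assumption, not taken from the post.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteCond %{HTTP_REFERER} .*(google|yahoo|bing).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (googlebot|slurp) [NC]
RewriteRule ^(.*)$ http://redirect-target.invalid/index.php [R=301,L]
Redirect 301 /old-page http://www.example.com/new-page
"""
OWN_HOSTS = {"example.com", "www.example.com"}  # hypothetical: hosts the site owns

COND = re.compile(r"^\s*RewriteCond\s+%\{(\w+)\}", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
REDIRECT = re.compile(r"^\s*Redirect\w*\s+(?:\S+\s+)*?(https?://\S+)", re.I)
HOST = re.compile(r"^https?://([^/:\s]+)", re.I)

def find_offsite_redirects(text, own_hosts):
    """Return (line_no, host, condition_vars) for each redirect to a foreign host."""
    findings, conds = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = COND.match(line)
        if m:  # remember which request variables gate the next rule
            conds.append(m.group(1).upper())
            continue
        m = RULE.match(line) or REDIRECT.match(line)
        if m:
            h = HOST.match(m.group(1))
            if h and h.group(1).lower() not in own_hosts:
                findings.append((no, h.group(1).lower(), tuple(conds)))
        if line.strip():
            conds = []  # RewriteCond lines only apply to the next RewriteRule
    return findings

if __name__ == "__main__":
    for no, host, conds in find_offsite_redirects(SAMPLE_HTACCESS, OWN_HOSTS):
        print(f"line {no}: redirect to {host} gated on {', '.join(conds) or 'nothing'}")
```

Run it against every .htaccess under the web root, not only the top-level one, and treat any hit you did not configure yourself as a reason to rotate the site's passwords.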
Sucuri identifies this malware in our scanner: http://sitecheck.sucuri.net
Our support team can clean it up for you if you are infected. Sign up with us here: http://sucuri.net/signup and we will get it sorted out pretty quickly.
If you have any questions, let us know (support@sucuri.net).