We are seeing many WordPress sites on shared hosts (GoDaddy, Bluehost, Dreamhost and a few others) compromised with malware from sweepstakesandcontestsnow.com.
This is what gets added to the hacked site:
And that code is used to infect the browser of the person visiting the compromised web site.
What is interesting is that this attack is being done by the same group that infected thousands of GoDaddy sites with the sokoloperkovuskeci.com .htaccess redirection (all hosted at 18.104.22.168):
Whois of the group behind it:
Gavai Otarro firstname.lastname@example.org
+1.445669776 fax: +1.445669776
5653 6th Street
Pittsburgh PA 54353
If your site is compromised, sign up with us and we will fix it for you: http://sucuri.net/signup