All the pages served by one of my oneClick wordpress blogs have a element prefixed to them. Including the RSS feeds. The script is compressed and obfuscated but is clearly targetting MSIE. Most browsers ignore still render the pages with the element there.
Anybody else seeing this infection?
I’ve opened a ticket, but since its not in any of the things I can edit I suspect the problem maybe more widespread. And yes, wordpress thinks it’s up to date.
For example: http://enthusiasm.cozy.org/