FYI - Malware being spread through ad services, including adsense

Hey Everyone,

Wanted to alert people to an issue I came across with a client's hacked site. Apparently they were using an ad system (not sure which one caused it they had a few going) but the issues seemed to arise when the service switched to running Adsense ads.

Several files were added to the main directory, all including the typical base64_encode javascript malware. It also inserted an entire folder called '.files' that contained about 100 .html files.

The end result was the site being hit with the red warning screen about possible attack site for just over 48 hours.

Here is an article about the issue.

And My recent post about fixing it.

While this wasn't a WordPress issue, it is something to be aware of.

If anyone has recomendations for avoiding this or protecting files/directories from attacks like this, please let me know. All permissions were set and even had security scan plugin in place.