Spent the last half hour squashing some malware on my sister Heather's blog – it was very sneaky – it only fires if a visitors is coming from a search engine search. Probably related to the Dreamhost security breach a few weeks ago. The easiest way to troubleshoot is to look for files with odd timestamps. Also check wp-config.php- htaccess and look for any big ass blocks of encoded crap. Also learned about this tool – http://sitecheck.sucuri.net/scanner/ – re-fired Google to re-scan the site. Should pass with flying colors.
Web site security monitoring and malware removal