According to Sucuri Security, the web hosting company's servers were hacked yesterday around 3pm EST, and thousand of WordPress blogs and other PHP based websites were contaminated with a malicious script that points to a fake AV hosted at http://cloudisthebestnow[dot]com/kp.php.
It is also interesting to note that the people behind this attack are the same ones that executed an identical attack against GoDaddy's servers less than a month ago:
Sucuri Security offers an explanation about how these attacks take place: "GoDaddy has some internal vulnerability that is allowing the attackers to upload the following code to their sites: MW:SIPRO:1. A few minutes after this code is uploaded, the attackers run it remotely and this PHP script infects all the files within the site."
Luckily for the owners of the sites, the attack has the same solution as the previous one.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.