Known infection source

See: attached
Also see the detections and alerts here: http://urlquery.net/report.php?id=1406414910209
also https://www.virustotal.com/nl/url/e9a59df4c0b1875aa7e92ab598d2aa98beb90f608a258bc362321538825302a7/analysis/1406414944/

As Google safebrowsing blocks this site, I assume avast! also detects the suspicious code there.
Quttera gives 6 malicious files:
various in /wp-includes/js/ and various in wp-content/plugins

Infestation existed for 47 days: http://killmalware.com/2chicksathome.com/
HTML code contains blacklisted domain: igymhkbd.qhigh dot com
See: http://sitecheck.sucuri.net/results/2chicksathome.com/
malicious iFrame malware → http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v4

vulnerable theme?:
WordPress theme: http://2chicksathome.com/wp-content/themes/thesis_17/

"When hosts automatically upgrade the TimThumb script in Thesis, they unknowingly wreck specific functionality that we built into the script to make it work better with WordPress."
Quote taken from Chris Pearson, developer of thesis diy-theme.

polonus

It is already detected by avast
also blocked by harmful script.

http://i.imgur.com/ORN8CX2.png

Hi jefferson santiag,

Actually I did not expect anything else from good old avast! and so we are being protected.
I think it is also intriguing to find out what was the cause that these sites became so easily infested.

See: http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v4
and as it says there

A Remote and malicious iframe was identified. It uses javascript to generate the iframe dynamically on the browser of anyone visiting the compromised site. We are seeing it often on outdated Joomla and WordPress sites.

Analyzing one of the URIs involved: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2F2chicksathome.com%2Fwp-content%2Fplugins%2Fcontact-form-7%2Fscripts.js%3Fver%3D2.3.1+&useragent=Fetch+useragent&accept_encoding=
Can’t display source for type application/javascript
But then have a look here: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2F2chicksathome.com%2F&useragent=Fetch+useragent&accept_encoding=

See what is really behind an infested uri - see attached

polonus

When Google finds it, it is probably spread to thousands of blacklists

maybe here
http://www.google.com/safebrowsing/diagnostic?site=2chicksathome.com

zscaler risk report malicious
http://zulu.zscaler.com/submission/show/951eec010094010ca76370d982d3450d-1406417268

It is listed in 8 blacklists

http://www.urlvoid.com/scan/2chicksathome.com/

related found Malware

https://www.mywot.com/en/scorecard/2chicksathome.com

Well, a Google safebrowsing detection is sure making detection more obvious, but at the root of the infection lies outdated CMS (WP, Joomla etc. etc.) or free plug-ins and themes that are vulnerable to exploits, always in combination with malcode (javascript, PHP, etc.). There are a lot of “dilettantes” keeping a website up, creating all sorts of insecurities for the average visitor. Sloppy hosting is a good second reason, where money comes before security or where no security is to be found at all. >:(

polonus

Well, I agree with his reason,
but I would highlight the main, which is vulnerability among the options you mentioned, the facility has a cracker to obtain passwords from one environment to be outdated, as it is possible to control, and not for the simple fact that a site is infected with code, many says User not found anything on my site that might become malicious, sometimes the User does not even realize that an attack is a weapon capable of destroying completely.

Hi jefferson santiag,

Let me sum up your reaction as follows -
a serious attacker only needs a tiny little hole to worm through
and then the cat is out of the bag so to say, either a black hat cat or a grey hat cat ;D ;D

pol