LS,

Read on counter.php attacks → counter.php>; rel=“canonical”.
The counter.php strain of malware is leveraging its redirect functionality to send victims to websites serving up the Styx exploit kit. Sucuri’s Tomy Perez on this attack: http://blog.sucuri.net/2012/07/website-malware-removal-counter-php.html
and Vicente Diaz with this article: http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php
So WP issues, outdated WP and javascript malcode are ingredients for these counter.php malware redirects.

A php security scanner can be found here: http://evuln.com/tools/php-security/

pol