Most people 777 their wp-content folders (or something therein) to enable uploads, or make their themes writeable by Tom & Dick, so you put something in there that injects Javascript into as many php files as it can find and hey presto. I’m going back to 644 / 755. The specific string injected here doesn’t do anything except screw things up, so I guess it was probably a schoolchild who found it on one of the warez sites and fancied a laugh.
Were you really hacked? What happened?
Most people 777 their wp-content folders (or something therein) to enable uploads, or make their themes writeable by Tom & Dick, so you put something in there that injects Javascript into as many php files as it can find and hey presto. I’m going back to 644 / 755. The specific string injected here doesn’t do anything except screw things up, so I guess it was probably a schoolchild who found it on one of the warez sites and fancied a laugh.
Here’s something similar http://wordpress.org/support/topic/157889