CryptoPHP -check your sites!
Although I was already aware of CryptoPHP, someone recently showed me a nice script that you can run to scan your server for this.
I just ran the script in my /var/www, as I do not upload or add applications to my operating system outside of trusted repositories.
CryptoPHP is generally smuggled into your web server from free plugins and themes you might download from un-trusted places.
Often, the infected file will be renamed as "social.png"
Fortunately, these files are easily detected. If you have added any plugins or themes that came from untrusted sources, I recommend running this script. It only takes a couple of minutes.