You've been hacked. Your Wordpress installation would be my first guess, just because it's a common target. But you need to scrub all of your sites for security issues. You need to insure your own computer is clean first by running a complete scan in Norton and then use something else as well to get a second opinion. Malwarebytes Anti-Malware is a good choice. Next, change all of your FTP passwords. Then wipe the servers clean and re-install everything from known clean back-ups so that any files left behind by the hacker are removed. Finally, restore the sites and update all of your scripts to the latest version. Search for "remove malware from website" and you'll find some good advice. Good luck!