coachm - 11:21 pm on Oct 4, 2012 (gmt 0)
It appears I've gotten rid of it, although I still don't understand how it infected things, or how it really works.
When I added the code back, once again, the hijacking started.
I've contacted the company and haven't heard back yet.
Now, I've thought I had this solved before, so I'm being cautious here, but it seems pretty consistent.
I've also decided to permanently close my self-hosted wordpress blogs. Not much traffic, and to be honest, just too many risks associated with it.
But I'm dying of curiousity as to the details of exactly how this thing infects, and works. I'll probably never know. It doesn't seem widespread enough to worry anyone.