Second attack by Blackhole Exploit discovered in thousands of WordPress websites that use non-updated TimThumb image tool. Researchers detected an additional 3,500 unique infected WordPress sites, which redirected visitors to malicious sites between Aug. 28 to 31. Avast senior researcher Jan Sirmer found attackers had exploited weak FTP server authentication credentials to upload malicious PHP files to the site. The attack used the BlackHole exploit kit which redirected the website’s visitors to an external malware-hosting site.
Source: https://thehackernews.com/2011/11/blackhole-exploit-kit-attack-on.html