Had the same B1 problem today, judging from other comments it looks like its going around. We have one FTP account that is used from one location so not sure how this happened.
- mostly index.php and index.htm files touched
- some .xml (I guess ones with html inside)
- handful of other PHP files affected (had to contain html)
- looking at the XML files affect, it seemed if found a HTML block and put the following after it:
<b1><!--em5MZER2eNoly1EKgCAQRdEV5ZPKqOWYDiU0DsQLW35Cv/dwoZVgvA+hHzEFP68BWdRcK7lHjSzJJVM02ZGsUvqw+A2/D+dDWnWvXh/JFhpm--></b1></body></html>
Our ISP isn't very being helpful on this one. Has anyone found out how their systems were compromised. Is this via FTP, injection?