We’ve been made aware of a new exploit that appears to have been launched today that is so far targeting WordPress and osCommerce installations. If you are running either of these pieces of software we recommend that you upgrade to the latest version as soon as possible. With osCommerce we would actually recommend you switch to an alternative product such as Zen Cart, as the development process is very slow and often stagnates.
The exploit itself creates .htaccess files in any directory where it has write permissions and places the following two lines in it, or on the end of an existing .htaccess:
AddType application/x-httpd-php .php .phtml .php3 .php4 .php5 .htm .html /tmp/25454b22bf39c75795851f39d5e347c4
/tmp/25454b22bf39c75795851f39d5e347c4 claims to be mini suhosin, part of the Suhosin PHP security software, this is not the case. The exploit also tries to leave a back door shell in to infected system by leaving a shell process called minisuhosin running.