Anatomy of a campaign to inject JavaScript into compromised WordPress sites