Blogcast.fm is reporting that a massive number of GoDaddy blogs have been hacked with a particularly stealthy set of malware. If you log in norally and directly, you don't see it because it hides itself, but if you hit the site from a set of Google results (and let's face it, that could happen easily), then the malware is triggered.

What makes this so insidious? Simple. If you own a website, you are, in all likelyhood, going to hit it directly, maybe even using some back-door URL that the rest of the world doesn't know about. When you do this, your site looks normal, leaving you completely unaware of the hack having taken place.

I was about to say something further about how this could be resolved by simplifying the software used to publish a site, such as how I have done it, but it looks to me as though this sort of attack, being not really against Wordpress, but rather against the actual hosted files, could logistically be thrown at any web site where the filesystem could be accessed.

It's pretty scary.