The sites have been infected with malware called “cloudisthebestbestnow.”
WPSecurityLock reported, “The ‘cloudisthebestnow’ hack attack is dangerous malware! It injects malicious script into all .php files that redirects website visitors’ to a ‘fake AV’ program at http://cloudisthebestnow[dot]com/kp.php.”
According to GoDaddy, the attack is affecting several hundred accounts. The registrar of the attacking domain has been contacted to remove the offending domain in order to block the attack.
It appears to be the same attackers that targeted GoDaddy in May. It’s the same IP address.