The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days and all the sites compromised. These sites supposed to be compromised. Most of the hacked sites had outdated versions of WordPress installed.
Infected sites have following message at Footer :
Warning: file_get_contents(http://wplinksforwork.com/56132.. 47509328/p.php?host=… failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in ..