A new client contacted me last week with a security issue: visitors could type in the name of their web site and visit it OK; however, if they went to Facebook first and then clicked a link to their web site, they were instead redirected to an unsafe web site.
My first hunch was that their WordPress site was infected, but then I did some more Google research on the malware address of search-box.in and found that this was often caused by an infected file called .htaccess.
.htaccess
Once I received the credentials to log in to the client site with FTP (File Transfer Protocol), I found that the .htaccess file was indeed infected with the following lines of code:
The fix was to remove these lines and upload the clean .htaccess file.
This infected file would redirect web visitors who clicked links from several popular locations on the web: Google, Live, AOL, Bing, Mail, News, YouTube, Twitter, MySpace, Facebook, Maps, Flickr and Yahoo.
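A way to check an .htaccess file for this behaviour, as an added example that is not part of the original post: the Python function below flags any RewriteRule that sends visitors to an outside host and is gated on the HTTP_REFERER header. The function name, the sample file and the hostnames are constructed placeholders, not the lines found on the client site.

```python
import re

# Matches a condition on the Referer header and captures its pattern.
COND_RE = re.compile(r'^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)', re.I)
# Matches any RewriteRule, and one whose target is an absolute URL.
RULE_START_RE = re.compile(r'^\s*RewriteRule\b', re.I)
RULE_RE = re.compile(r'^\s*RewriteRule\s+\S+\s+(https?://([^/\s:]+)\S*)', re.I)


def find_referer_redirects(text, own_hosts):
    """Return (line_no, target_url, referer_patterns) for every RewriteRule
    that redirects to a host outside own_hosts and depends on HTTP_REFERER."""
    own = {h.lower() for h in own_hosts}
    findings, referer_conds = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # comments never affect rewriting
        cond = COND_RE.match(line)
        if cond:
            referer_conds.append(cond.group(1))
            continue
        if RULE_START_RE.match(line):
            rule = RULE_RE.match(line)
            if rule and referer_conds and rule.group(2).lower() not in own:
                findings.append((line_no, rule.group(1), list(referer_conds)))
            referer_conds = []  # conditions apply only to the next RewriteRule
    return findings


# Constructed sample: a stock WordPress block followed by a constructed
# referrer-gated redirect. malicious.example is a placeholder host.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*facebook.* [NC]
RewriteRule ^(.*)$ http://malicious.example/ [R=301,L]
"""

if __name__ == "__main__":
    for line_no, url, patterns in find_referer_redirects(SAMPLE, ["www.client.example"]):
        print(f"line {line_no}: redirect to {url} when referrer matches {patterns}")
```

Run it against a copy of the file downloaded over FTP, passing the site's own hostnames so that legitimate same-site redirects are not reported.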
Security
To prevent this from happening, you should keep your FTP and WordPress passwords difficult to guess and only install WordPress plugins from sources that you trust.