Jacob,
Yes, that threat is already in my definition update. You really should have started this line of questioning under a new thread as this topic is about another threat that was also already marked as "Resolved". A lot of these questions would have been answered for you if you had at least tried my plugin first. Then you would see that it would have found that threat in all those infected files and removed it for you.
To answer you other questions about how you got infected and how to stop it you would need to do some more investigation or hire someone to track down the source. You best bet is to ascertain the exact time of the infection (either by reading the "Changed" time on an infected file that you have not fixed or edited, or by looking at the infected time of the files in the quarantine after you have cleaned the files with my plugin). Then you can compare this time with the activity in your raw access_log file to see what script was exploited to infect your whole site.
If you are on a shared hosting plan you should also be aware of the fact that your site could possibly get infected though an exploit or vulnerability on any other site on that same server (even under another account) and you would have no way to detect it or stop it from happening again.
Aloha, Eli
