There is a new strain of malware that has become a problem within the hosting industry due to the use of pirated php software being backdoored and then used. Servers found with this malware on any account on a server will be listed in the CBL and blacklisted until dealt with.
CryptoPHP is a threat that uses backdoored Joomla, WordPress andn Drupal themes and plug-ins to compromise webservers on a large scale. More information about this threat can be found on the referenced link below.
Fox-IT: CryptoPHP – Analysis of a hidden threat inside popular content management systems
Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign
This infection almost certainly means that the infected web site has used pirated plugins from the nulledstylez.com, dailynulled.com sites or some other site that specializes in providing “nulled” (pirated) software. Fox-IT’s research has shown that every pirated theme or plug-in on these two sites has been infested with the cryptophp malware.