I am having the same problem, this is changing ALL index.* files in the root folder of all domains on the same server, it is also adding the javascript to any file named login.* in the root folder of the domains as well.
You can stop it by changing the permission on index.php to 444 (or 0444)
Can you list what theme and what active plugins you are using and also any urls of rss feeds you are publishing from other sites.
If you dont want to list all that on here then I can setup an email address for you to send it to.
I can see if I have any of the same themes, plugins or rss feeds on any of my WP sites and we can start to find out what is causing this.
Thanks.
P.S my hack went to ner-aller.com DO NOT VISIT THIS SITE! and the site then infects your computer with the zbot.g virus.
You can view the coded and uncoded javascript that is being added here:
https://jsunpack.jeek.org/?report=09993f18392e6e53a20c5f4034e591b9d2b51ab6
