A couple of months ago I gave a talk at WordCamp London to try and educate and inform how WordPress malware works. This was triggered by a feeling of concern around the lack of understanding on how PHP malware works and what measures could be taken to prevent and fix sites getting infected. Although you can see the nerves coming through in some places, I think I managed to impart some knowledge and hopefully those who came learnt something.
The video is online now, so you can enjoy it too:
You can also check out the slides.