if i am not allowed to post this here. please remove or let me know. but all the sites were on the same server. this was injected into all of the index.php files. i have since deleted it from all of them and sites are back to normal. but does anyone know how this can happen? it happened to every site on that hosting account.