What happened to the "Linux is malware-free" claim?
There is a suggestion in the comments section on the site that the redirect to the bogus ISO was the result of an attack on a vulnerable WordPress install.
I’ll ask this question, without knowing the intrinsic details, or any specific details other than what has been posted above; did the breach have anything to do with the fact that you’re running WordPress?
Best wishes and thanks for the heads up.
Edit by Clem: Yes, the breach was made via WordPress. From there they got a www-data shell.