Ever downloaded a free WordPress theme from some random developer, installed it, and found all sorts of nasty links on your site?

Eh… me neither.

For the PHP-inclined, here’s an excellent breakdown of what these trojan horse themes are up to, and how they do it:

… today, @chip_bennett discovered that one of his themes had been copied and was being redistributed by a site called top-themes.com. It had malware inserted into it that is of a much more malicious and spammy nature. Further investigation reveals that ALL of the themes on that site contain basically the same code. This code is not actually “viral”, but it’s definitely malware and it’s worth investigating to see some of the ways people try to hide their spam.

via Anatomy of a Theme Malware » Otto on WordPress.

Now, this is not intended to imply that all WordPress theme download sites are bad, or that you should only download themes from wordpress.org. It does mean you should be careful… and that, on occasion, a “free” theme can actually be a very costly endeavor.