The article mentions the update of WebFTP not being the cause - I first noticed my sites affected by this problem on 30 May, and at that time the suggestion was that *I* had somehow been compromised. So this hack started at least 9 days ago, it's just taken a while for DH to fess up publicly.