I had pointed this out privately to Shag a few days ago. I don’t think it’s any Java thing (you might have killed some random innocent process via Activity Monitor :-)). I think whatever/whoever hacked into the site, if they did, are using either PHP or JavaScript redirects to point to the .ru site. Doesn’t reliably happen each time. When I get some time I will try to get at the source and try to figure out what’s going on.
Shag, given that this is now visible not just to me, I think you can conclude this is real intrusion and reinstall WordPress from scratch after removing the current installation and then change the DB passwords.
—ravi