I don't know why it should be only WordPress sites. But I've removed multiple malware attacks from 3 - 4 client websites in the last 3 years, and all of them used WordPress. Most importantly (I think this is the main reason), all of them run on web servers that allow automatic updating of plugins without FTP.
It took more than a week to figure out how it works. Finally detected the pattern of appearance.
That finding left only the .htaccess file as a possibility. A good look in .htaccess revealed a necessary code. It also showed the location of the actual culprit file. This particular site has an elaborate use of .htaccess, more than 100 lines of code in it, so it was not visible when we made a cursory glance the first time.
Details on how to clean it up are available at Sucuri.net: http://blog.sucuri.net/2010/12/malware-update-publifacil-org-htaccess-changes-and-pe-php.html. The file name invariably starts with PE. In our instance, it was PEcutup.php (it was not mentioned on the site, but be prepared to find new names if you come to face a similar situation!)
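A long .htaccess is easier to review mechanically than by eye. The following is an added example, not code from this post or from Sucuri: it lists every .htaccess line that references a PHP script, flagging names that start with PE or that are not on a list of scripts you expect. The sample file, the `ErrorDocument` directive and the `/placeholder-dir/` path are constructed for illustration; the post does not say which directive or location was used.

```python
import re
from pathlib import PurePosixPath

# Any token in a directive that ends in .php (path, URL or rewrite pattern).
PHP_REF = re.compile(r"[^\s\"'()|]+\.php\b", re.IGNORECASE)

# Constructed sample: a stock WordPress block plus one injected line.
# The injected directive and its directory are assumptions, not from the post.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
ErrorDocument 404 /placeholder-dir/PEcutup.php"""


def audit_htaccess(text, known_php=()):
    """Return (line_no, script, reason, line) for each .php reference to review."""
    known = {n.lower() for n in known_php}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        for ref in PHP_REF.findall(line):
            # Drop regex escapes/anchors so ^index\.php$ compares as index.php.
            name = PurePosixPath(ref.replace("\\", "")).name.lstrip("^")
            if name.startswith("PE"):  # naming pattern reported in the post
                reason = "PE-prefixed script"
            elif name.lower() not in known:
                reason = "script not in known list"
            else:
                continue
            findings.append((no, name, reason, line))
    return findings


if __name__ == "__main__":
    for no, name, reason, line in audit_htaccess(SAMPLE, known_php=["index.php"]):
        print(f"line {no}: {name} ({reason}): {line}")
```

Because new names may appear, the known-script list matters more than the PE prefix: any referenced script you cannot account for deserves a look.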