Leaving the malware in the server will have many serious consequences from damage the reputation of your website, person or company to getting into legal trouble if the malware is used for criminal events. We usually require the account owner to resolve the issue within 24 hours or we will need to suspend the account to protect the site owner as well protect the repuation of the server.
We recommend that all scripts, for example, Wordpress is always keep up-to-date with the latest patch and versions. This will avoid any vulnerability in your account.
Here are some websites for read up or more details on malware.
- Wikipedia.com - Code Injection
- Sucuri Sitecheck - Free Wordpress Malware & Security Scanner
- Google Webmaster Tools Help