This just out, latest nasty attack aimed at self hosted WordPress:
How to know if you've been affected:
- In your permalinks, look for additions that looks like:
- Also check your users, you may have an additional admin user – look for one you don't recognize.
Read more details at Lorelle's blog: Old Versions of WordPress Under Attack. There's also detailed instructions on how to recover if you've been attacked and hacked.
If you haven't, check your site and upgrade now!