Word Press - New Worm attacks older versions
Blog sites using older and out-dated versions of Word Press may be potentially exposed to a new security worm. Depending on security controls, this malicious agent can register as a new blog user, become an ADMIN, and secretly insert SPAM throughout the blog. If you're on an older version, please PATCH NOW. As Word Press reflects, removing spam for all the posts could become very laborious.
Word Press - New Worm attacks older versions
http://www.theregister.co.uk/2009/09/07/wordpress_worm/
QUOTE: Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
Word Press - Security Bulletin
http://wordpress.org/development/2009/09/keep-wordpress-secure/
Word Press - Hacked Blogs may be tedious to correct
http://codex.wordpress.org/FAQ_My_site_was_hacked
Word Press - Upgrade available
http://codex.wordpress.org/Upgrading_WordPress