I’d seen a few things in the Support Forums which suggested that there was an active exploit of previous releases of WordPress. This has now been confirmed by Donncha O Caoimh:
So if you’re running anything earlier than 2.3.3 (which I mentioned last month), you really need to upgrade. Now. Donncha’s post even tells you how to find out if your site has been hit, so get to it!