WordPress blogs (like this one) have been recently under attack by a worm tailored to a weakness that existed in older versions of the blogging software. Here’s the scoop.
The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.
In short, if you haven’t already upgraded your WordPress blog to the current version, you’re inviting trouble.