Here at KEEN we love anything WordPress and though we’d spread the message about a vulnerability that has been discovered. There has been a worm going around infecting self hosted WordPress blogs. If you have not yet updated your installations of WordPress to version 2.8.4 and for WordPress MU to 2.8.4a, make sure you do it today.
According to this article on Mashable the worm creates a hidden administrator account and it messes up the permalinks of your site. If you suspect that your blog is infected, export your posts from your blog and then do a clean fresh install. After you are done import your posts to the new install. You have to do this because the worm finds its way deep into the database.
UPGRADE your WordPress blog today!