Older version of WordPress are being attacked, so if you are still using wordpress 2.5 or 2.6, its too old and you must upgrade right now. All wordpress version 2.8.3 and later should be safe from this attack.

Signs of the attack

• Strange characters in your permalinks (including eval and base64_decode). For example :
  

  example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

• Extra administrator account in the users control panel which you cannot see

Check your blog for the signs

• Visit your blog index and see if there are any strange permalinks.
• Login into admin panel > Users > Check whether the number of Administrator is correct

How to prevent this attack?

• Upgrade to the latest version
• Change your admin password to a strong password
• Change your FTP & mysql password

More Info

• More info about this matter at Lorelle’s blog
• How to Keep WordPress Secure