system
21
Hi I arrived here since I have the same problem and know the entry point but was looking for a solution to fix it.
Anyway, I thought I’d save you some time so you can at least know where it all started. Apparently there was a security hole in timthumb (which is used by many people running wordpress) which allows a file be uploaded and then copied elsewhere on the server where it then spreads. It’s best to take your site offline first and try and clear it.
More specifics can be found here http://code.google.com/p/timthumb/wiki/GoogleMaliciousSite
Good luck.