Apparently there was a security hole in timthumb (which is used by many people running wordpress) which allows a file be uploaded and then copied elsewhere on the server where it then spreads

TimThumb.php Vulnerability Not Only Affecting Themes – Plugins too
http://blog.sucuri.net/2011/08/timthumb-php-vulnerability-not-only-affecting-themes-plugins-too-vslider.html

Attacks Against Timthumb.php in the Wild – List of Themes and Plugins Being Scanned
http://blog.sucuri.net/2011/08/attacks-against-timthumb-php-in-the-wild-list-of-themes-and-plugins-being-scanned.html

Mass Infection of WordPress Sites Due to TimThumb ( counter-wordpress dot com )
http://blog.sucuri.net/2011/08/mass-infection-of-wordpress-sites-counter-wordpress-com.html

TimThumb.php attacks – Now using googlesafebrowsing dot com
http://blog.sucuri.net/2011/08/timthumb-php-attacks-now-using-googlesafebrowsing-com.html

TimThumb.php Attacks – Now Being Used for Blackhat Spam SEO and Might Break Your Site
http://blog.sucuri.net/2011/08/timthumb-php-attacks-now-being-used-for-blackhat-spam-seo-and-maybe-break-your-site.html