Having noticed what seemed like it might be an urgent-ish security-related post show up in the mass of post links at the bottom of my WordPress dashboard, then following some links:
There seems to be two kinds of hackery going on, just like I’ve described:
1. Inserting “invisible” HTML full of links (for NSFW sites) into your WP template that isn’t obvious when you go to your blog, but is VERY obvious when you look at the source code (and start seeing that you’re getting traffic for some “peculiar” terms).
2. Inserting whole new source code / new sneaky themes that copy other blogs / content *exactly*, which is full of spammy content and affiliate links.
(Vulnerable WordPress Blogs Not Being Indexed > Massive Blog Hackery Exposed > TailRank Exposes Massive Number of Blogs Hacked) It seems like if you’re running WordPress, it’s advisable to upgrade to 2.5 (which was relatively painless) as well as checking the actual code of your theme…