I'm sure you've changed/resolved the FTP password, so that's probably covered already. Backup everything (database and files) and then delete everything (NOT THE BACKUPS! :).
Do a complete re-install from the sources, meaning get the WordPress files, plugins, and theme you use from the original author's websites. If you are using a theme with dodgy obfuscated code, DROP IT and use something else for now.
Re-create your wp-config.php from scratch and start moving images and files you've uploaded into wp-content. See the below links and comments on how to check that the spammy link is either in your database or files.
It's a lot of work but you'll find it eventually and hopefully have that V8 moment when it's solved.
Begin boiler plate HERE
Read this
http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
And then read it again.
Read this too
http://codex.wordpress.org/Hardening_WordPress
Upgrade to the latest version if you have not already. You need to see if there are any users added to WordPress that you don't know about/don't belong there.
You need to go through your files and find where the spammy links are being added. If it's in wp-config.php or some other file, you'll need to make sure that is cleaned up before you can consider yourself good file wise. Look everywhere and use fresh copies of your WordPress installation, plugins, and themes.
Look at your posts and comments and see if there are any spammy links there. You can export your whole blog to WXR and then examine the whole thing in your favorite text editor.
Look at your server's log files. If you are on a shared server, get help from your provider. You need to identify if this was a compromise of WordPress or your server. If you do not identify the entrance which the attacker got in, odds are they will be back.
Once you have cleaned up your hacked blog, harden it so this does not happen again.
Good luck.
llamaman
