This is not an area of expertise for me, but I've added some extra tags to the column to the right ("security" "hacked" etc.). If you click on them, you'll pull up some other threads that are related to this kind of problem, and they may have some useful info.
You should also read the Hardening WordPress article in the Codex. If you google this topic, you'll find some other pages that give even more tips on securing your site.
There is also an email address to report security problems directly to the developers: email@example.com . I don't know how responsive they are, but they will at least be informed about the attack.
LATER EDIT: By the way, you probably already know this, but a google search reveals that this hacker has gotten to several other sites as well.