Akismet 2.5.6 may have vulnerabilities that allow files to be created/uploaded within the plugins/akismet folder.
I've seen this attack twice on two different unrelated domains. In both cases, the vulnerability was used to do mass emailing/spoofing.
First incident was about a month ago, no re-occurence after I removed the malware and set permissions to 544 on the akismet directory.
This appears to be the most detailed analysis:
I realise this isn't the most comprehensive report, but I'd be surprised if you aren't already looking at this. Just thought I'd report it officially since I can't find much online about it being acknowledged/addressed.