Timthumb is not part of the WordPress core. It's used mostly in themes for image resizing, and it's been probably the most highly publicised vunerability that's been found for a very long time.
There are plugins that can scan for timthumb and help you to update it to the latest scripts, and that might help.
I've had this happen on some of my sites, and even after I removed all of the malicious code, upgraded to the latest version of timthumb and did everything that was recommended to stop this, it kept happening. It only stopped after I completely removed timthumb from the sites. I'd recommend that you don't use timthumb unless you really have to.