I just got hacked, too. This afternoon. I have 220.127.116.11, am in the process of preparing to upgrade to 1.5.2.
What happened: It looks as tho there was an outage at ipowerweb.com, my hosting service. Everything went down, including their home page. (This also happened during thepower outage in L.A.). Site came up again quickly, within about 10-15 minutse. When my blogs came back up, it looked a bit odd. (rather than header appearing at top, flush, no top margin, it hung down a bit). In about an hour's time, I had the chance to go to the control panel. Where I got error messages.
Warning: Cannot modify header information - headers already sent by (output started at /home/i2020hin/public_html/wp/wp-includes/wp-db.php:359) in /home/i2020hin/public_html/wp/wp-admin/admin.php on line 10
Same error message, for line 11, 12, 13
It wasn't until I viewed source that I saw the problem. There is some marquee tag at the top. It begins like this:
<marquee width=1 height=1> and is followed by boatloads of links to spam locations. We're talking drugs that have letters at begin and end, similar to xerox. Drugs with names of three syllables, beginning with an f sound, but spelled with a p and an h.
The length of the inserted code is about 133,000+ characters.
So that's what it looks like, and I'm trying to do a fresh install of 1.5.2 in hopes that it goes away. I'll keep you posted.