there is also no indication this is primarily w WP problem, and not something underlying.
http://www.kidscoop.org/ is exploited and it's inside their gallery installation.
http://www.larmac.com.au/ also popped up.
http://www.lentini.co.uk is hacked. Ive emailed him; notice the old version?
http://www.jtechnica.com is hacked, with the hqc.php bits, even. And its not a wordpress install.
http://www.uneditedspirituality.ca/ is hacked with the hcq.php, and that's Joomla.
http://www.spinlabs.ca/ is hacked and its an older version. Not real old, but still. And somehow, in a case of "hahah, you reap what you sow", this person has *apparantly* actively disabled the upgrade notices:
http://jeremyduncan.ca/ is hacked, and the redirect to the spam content is able to be called right off his index.php page.
http://www.hansdreesen.com/ = hacked.
http://www.thinkerlabs.ca/jonmanafo is hacked. another old version; i emailed him.. no reply.
Those are just a few of the sites that popped up in the $_POST logging i have set up on one site that I am watching. Oddly enough, even over the course of a few days, the IP never changed: 220.127.116.11