I imagine that a majority of people hit by this "hidden" spam will not notice it because it's not visible unless closely looked at; the only thing that gives it away is the "Comments Turned Off" bit (which I imagine isn't something the spammer wants to happen, rather it's probably an unwanted outcome of whatever vulnerability they used to modify your post).
Regarding what's in it for the spammers; it might not appear that there's anything in it for them... until you consider what happens assuming a person does a Google/Yahoo/etc. search for something related to your website, or something that would list your blog post, etc.
There's no use in "upgrading" the blog since it's breach... since I'm already using the LATEST (2.3.3) version of WP available, and it's STILL vulnerable. While I'm not 100% certain, this may NOT be a WP vulnerability at all... possibly a new Apache/PHP vulnerability? I won't know until I do a lot more testing, but I'm really lazy :\
Assuming this is a WP vulnerability again, I don't know but I'm thinking about migrating to something more secure with less holes like Serendipity soon as much as I love WP and how it works :\