Just found today, I'm Hacked by the same MOB - How to prevent, they have got into my cpanel and MSQLdb changed users and passwords. This was on a brand new installation, passwords to cpanel very secure, latest WP version installed 3/10/12 direct to main directory.
My site still appears stable, but I can't access the WP Log in - going in via cpanel and viewing the DBase is where I found my user name was changed to 'sec-w.com'.
Any help appreciated, this is all new to me.
On 2/10/12 the total site was hit, my Hosting ISP said a number of WP sites got it. They added a new index.php file to re-direct, I found this and deleted it, changed all passwords and still they had deep code that inserted code on each page - ACTION: deleted the WP installation and started again.
Re-installed WP 3/10/12 - and now as mentioned first up they have gained access to the MSQLdata base. Is it via cpanel or is this just a straight hack into WP?????