The WordPress Team has confirmed that right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, registers a user and users a security bug to allow a code to be executed through the permalink structure and automatically makes itself the admin of the blog.
The worm then uses java script to hide itself when you look at the users page, attempts to clean up the damage and leaves unnoticed as if nothing ever happen while it inserts hidden spam and malware into your posts.
This sounds scary and I am not trying to scare you here, but the fact is that if you are using any other WordPress version other than the latest version 2.8.4, the above could happen to your blog.
The WordPress Team spends a lot of time and effort on fixing bugs to ensure your blog is not hacked , I recommend you to immediately update to the latest WordPress version 2.8.4 to avoid any hacks or bugs. It just takes one click to update to the new version automatically.