Upgrade and Keep your WordPress Secure

Have you upgraded to WordPress 2.8.4? If you have not upgraded yet, you had better upgrade now. On September 5, 2009, it was reported that a worm had been discovered making its way around old and unpatched versions of WordPress.

If you have not done anything yet, your WordPress is definitely very vulnerable to this worm. Matt, the co-founder of WordPress, wrote a blog entry on how to keep your WordPress secure and if you have not read it, I suggest that you read it. He explained everything extensively.

Matt wrote that blog entry a long time ago and I am just reminding you all about it in case you have forgotten to upgrade. You do not want your site or blog to get hacked, right? Then do something now. It might not be too late yet.

Aside from the worm, an admin password reset exploit was found in the old versions, which I mentioned when I upgraded to the WordPress 2.8.4 Security Release. You can read about it in this blog entry, Upgraded to WordPress 2.8.4, Reset Password Vulnerability.

If you do not want to upgrade, then fix your WordPress wp-login.php file. How to fix the wp-login.php file? Read this blog entry, Fix: WordPress Admin Password Reset Exploit, at ProgrammerFish.

On the other hand, I really recommend that you upgrade to the latest version of WordPress even if you can fix the wp-login.php file and even if WordPress 2.8.3 is immune to this worm. If you have a version older than WordPress 2.8.3, you have more reasons to upgrade.

But if your blog or site was attacked or hacked and you then upgraded without fixing it first, your site or blog remains hacked. If your blog was attacked or hacked, fix or clean it first before you upgrade.

Lorelle wrote a very good article about this issue: the things you need to know, how to know if your site has already been attacked, how to prevent your WordPress blog from being attacked, and how to respond if your WordPress blog has been attacked. Read this blog entry, Old WordPress Versions Under Attack, at Lorelle on WordPress.

A reminder, though: before you upgrade, back up your files, your WordPress theme, your database, and all the other necessary files. Follow the instructions at the WordPress Codex on Upgrading WordPress and Upgrading WordPress Extended.

It is a good practice to always upgrade your WordPress to the latest release to avoid getting attacked or hacked. Upgrade constantly and keep your WordPress secure.