Old 04-27-2008, 05:03 PM   #21 (permalink)
thebes

Bumping and some more info.

From what I have read, this exploit has at least partially compromised wp from 1.5.2 up to and including the new 2.5.1. It works by writing out php files, often disguised as .jpgg, .giff or .pngg, but sometimes adding the code to your php files as well. If you chmod your directories to 755 and files to 644, it seems that might harden against this exploit. Also, this exploit is known to attempt to access outside of the user home directory; you may wish to ensure you have open_basedir protection and that nothing is writable by user "nobody" unless it must be (for example, .htaccess if you are having wp rewrite your urls).

This seems like it could be a very nasty one. As far as I have seen its full scope is not known; it loads encrypted files onto your server and attempts to pop a javascript on your users.

In both of my wp's which were compromised, there was data I needed to remove from the database itself with phpMyAdmin. This included a phantom user "wordpress" and two phantom plugins on one account, one on the other. Removing these phantom plugins from the database stopped wp from falsely reporting it was version 2.5; so far everyone I have heard of reports that other versions are erroneously listed as 2.5 if they've been hit. On my 1.5.2 mainstream blog it appeared the user "wordpress"'s full name was an attempt to pop a script.

To check your wp, see if it reports its version as 2.5 when it's not. Look for files ending in .jpgg, .giff, .pngg, or with _old or _new as part of their name. Look at file update dates. I did not find the wp-info files on my box, ymmv. Also, if you try to change a post's author and see user wordpress, then you've been hit.

Most of what I've learned about it came from the previously referenced links; if you have not checked them out and you run wp, you should.
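The file-system checks thebes lists (odd image extensions such as .jpgg, _old/_new names, directories not at 755, "images" that are really php) can be scripted. The following is an added example, not code from the post or from WordPress; it scans a document root and, for the sake of a runnable demo, builds a small constructed sample tree with planted indicators (the file names and contents are made up, not taken from any real compromise).

```python
import os
import re
import tempfile

SUSPICIOUS_EXT = {".jpgg", ".giff", ".pngg"}        # PHP disguised as images
IMAGE_EXT = SUSPICIOUS_EXT | {".jpg", ".gif", ".png"}
SUSPICIOUS_NAME = re.compile(r"_(old|new)(\.|$)")   # "_old" / "_new" in the name
DIR_MODE = 0o755                                    # directory mode from the post

def scan_wp_root(root):
    """Return [(path, reason)] for every indicator found under root."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        mode = os.stat(dirpath).st_mode & 0o777
        if mode != DIR_MODE:
            findings.append((dirpath, f"dir mode {oct(mode)} != 0o755"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in SUSPICIOUS_EXT:
                findings.append((path, f"suspicious extension {ext}"))
            if SUSPICIOUS_NAME.search(name):
                findings.append((path, "_old/_new in file name"))
            if ext in IMAGE_EXT:            # an "image" that opens with <?php is PHP
                with open(path, "rb") as fh:
                    if fh.read(64).lstrip().startswith(b"<?php"):
                        findings.append((path, "image file contains PHP"))
    return findings

def build_sample_tree(root):
    """Constructed fake WordPress tree (not a real site) with planted indicators."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    samples = {"photo.jpg": b"\xff\xd8\xff\xe0JFIF",         # genuine JPEG header
               "logo.jpgg": b"<?php /* planted */",          # PHP hiding as an image
               "wp-info_old.php": b"<?php /* planted */"}    # the _old naming pattern
    for name, data in samples.items():
        with open(os.path.join(uploads, name), "wb") as fh:
            fh.write(data)
    for d in (root, os.path.dirname(uploads)):
        os.chmod(d, DIR_MODE)
    os.chmod(uploads, 0o777)                                 # should be 0o755: flagged

def demo():
    """Scan a constructed tree; returns {(path relative to root, reason)}."""
    root = tempfile.mkdtemp()
    build_sample_tree(root)
    return {(os.path.relpath(p, root), r) for p, r in scan_wp_root(root)}
```

On a real box, call scan_wp_root() on the blog's document root and review the findings by hand; the post's other indicators (the phantom "wordpress" user and plugins in the database, the false 2.5 version report) still need checking in phpMyAdmin and the admin interface.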