There’s a new WP/WPMU exploit running wild at the moment. Any WP/WPMU install running any version prior to 2.8.4 should be upgraded immediately. Users who upgrade to 2.8.x and then applied changes instead of a full upgrade should be ok.
If you can’t perform an upgrade immediately delete xmlrpc.php to prevent your install from being hit by the exploit. Obviously this reduces functionality so it shouldn’t be used as a long term solution.