Lately we have been talking a lot about WordPress sites getting hacked with SEO Spam:
Some big sites got infected and the common complain I hear is that even after they clean up the SPAM, it just “magically” reappears after a few days.
Infection and analysis
*This is important: The latest version of WordPress (2.9.2) is not vulnerable, but if you took a while to upgrade, your site might have been hacked in the past and they left a backdoor hanging in there. So you need to find where it is.