A recently discovered vulnerability in the open source PHP component XML-RPC is leaving many systems vulnerable to attack. Now a virus called Lupper exploits the vulnerability and loads itself on to unpatched systems.
For a list of vulnerable applications, visit SecurityFocus.com. One caveat to the SecurityFocus.com list, WordPress is reportedly safe from this exploit since version 1.5. According to WordPress authors the library that version 1.5 upwards uses is called IXR and is different than XML-RPC. Older versions of WordPress are vulnerable, however.