There must be a new vulnerability circling. My site was just hit.

Unauthorized plugin was installed called "catnip" which featured standard c&c features. Automatic administrator login, remote file downloading, basically access to the entire site.

Site named changed to "darkoct02". User was registered shortly after with the username "fallinlove" that had admin permissions and a chefalicious mailbox.