The attack came through a vBulletin security hole that was patched in a recent release that I just upgraded to.