There is a leak in old versions of TimThumb, read the article about it here. This week (started on august 22) many WordPress (with TimThumb) users encountered problems with there websites. Google marked there websites as a risk (including one of my websites).
The websites connected to counter-wordpress.com. The script/malware had the abbility to enter your database, create a database dump, play sounds (?), get your WordPress password and more.. With the curl_setopt function there were able to install php scripts on your server.
So for those who have problems, a quick guide to fix this. And for those who doesn’t have problems yet. Update TimThumb (latest version here)!