With a huge string of vBulletin sites being hacked, there is no doubt that a Zero-Day is floating around. The Zero-Day was released publicly on a popular Hacking forum and was posted along with a tutorial on how to exploit a targeted site.
The post:
The exploit is very simple and can be done successfully by anyone, which is why it’s such a hazard. All you need to complete this exploit is a site running vBulletin 4.1/5 and the script which could be found with a simple Google search to exploit the site: