Awesome find Abbe. Sure looks like it could be something like that going on. Ragnar should have a look at that site. Hopefully it will be easy to fix.
I use wordpress daily for my own websites, and one that I'm working on at the moment. I have seen there are plugins to protect your wordpress install against malicious attacks. Might be worth checking out a couple. I know I will for my own upcomming site.