TimThumb security risk and solution — find out if this affects you!

There is a great post on the background of this problem by Mark Maunder that I recommend you read to understand the severity of the issue:

Technical details and scripts of the WordPress TimThumb.php hack

But even better, Mark has written a WordPress plugin that you can install. It will find any vulnerable copies of timthumb.php and allow you to update them to a secure version. The plugin is called Timthumb Vulnerability Scanner and is available from the WordPress.org plugin directory.

This vulnerability is now widely known, and websites are being hacked.

This is a serious issue: you DO NOT WANT YOUR SITE HACKED.

Take 5 minutes to install and run the Timthumb Vulnerability Scanner plugin right now; otherwise you could be facing hundreds of dollars and/or many hours trying to clean up your hacked site.

Some hosting companies like Bluehost and Fatcow are proactively locating vulnerable copies of timthumb.php and replacing them with safe copies, and sending out email to the account holders letting them know what was done. But your hosting company may not do that, or some copies may be missed. Be safe and check for yourself.
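If you have shell access to your server, you can do the "check for yourself" step by hand. The following POSIX shell script is an added example, not code from the original post or from the Timthumb Vulnerability Scanner plugin: it locates every timthumb.php under a document root and reports the VERSION constant each copy declares. Two assumptions are mine, not the page's: TimThumb declares its version with a line of the form define ('VERSION', '...'), and the security rewrite shipped as version 2.0, so copies whose major version is below 2 are flagged as needing an update. It also looks for thumb.php, the name some themes use for a renamed copy. The directory it scans in the demo is a constructed fixture so the script runs offline; point scan_timthumb at your real document root to check your own site.

```shell
#!/bin/sh
# Added example: find copies of timthumb.php and report the version each declares.
# Assumptions (not stated on the page): the version line looks like
#   define ('VERSION', '1.33');
# and the fixed rewrite is 2.0, so a major version below 2 means "update needed".

# Print the version string declared in one file, or nothing if none is found.
timthumb_version() {
    sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([0-9.]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Classify one file: UPDATE-NEEDED (major version < 2), ok, or unknown-version.
timthumb_status() {
    ver=$(timthumb_version "$1")
    if [ -z "$ver" ]; then
        echo unknown-version
    elif [ "${ver%%.*}" -lt 2 ]; then
        echo UPDATE-NEEDED
    else
        echo ok
    fi
}

# Walk a document root and print "path<TAB>version<TAB>status" for every copy.
# thumb.php is included because some themes ship TimThumb under that name (assumption).
scan_timthumb() {
    find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) 2>/dev/null |
    while IFS= read -r f; do
        ver=$(timthumb_version "$f")
        printf '%s\t%s\t%s\n' "$f" "${ver:-?}" "$(timthumb_status "$f")"
    done
}

# Number of copies that need updating under a document root.
count_update_needed() {
    scan_timthumb "$1" | awk -F'\t' '$3 == "UPDATE-NEEDED" { n++ } END { print n + 0 }'
}

# Build a constructed fixture that mimics a WordPress tree with three copies:
# an old one, a current one, and a renamed copy with no VERSION line at all.
# The files are stand-ins, not real TimThumb code; only the VERSION line matters.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/themes/old-theme/scripts" \
             "$dir/wp-content/themes/new-theme" \
             "$dir/wp-content/plugins/gallery"
    cat > "$dir/wp-content/themes/old-theme/scripts/timthumb.php" <<'EOF'
<?php
define ('VERSION', '1.33');
EOF
    cat > "$dir/wp-content/themes/new-theme/timthumb.php" <<'EOF'
<?php
define ('VERSION', '2.8.14');
EOF
    cat > "$dir/wp-content/plugins/gallery/thumb.php" <<'EOF'
<?php
// renamed copy with no VERSION constant
EOF
    printf '%s\n' "$dir"
}

# Demo on the constructed fixture. For a real site run, for example:
#   scan_timthumb /var/www/html
demo_root=$(make_fixture)
scan_timthumb "$demo_root"
echo "copies needing update: $(count_update_needed "$demo_root")"
rm -rf "$demo_root"
```

Anything reported as unknown-version deserves a manual look, since a copy with no recognisable VERSION line could be a modified or very old file; the scanner plugin remains the simplest way to actually replace the vulnerable copies it finds.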

