We've been alerted to an exploit inside TimThumb - a code library used by hundreds of WordPress themes to provide thumbnails of images.
Siobhan has written up about the exploit so you can make sure to protect yourself: https://premium.wpmudev.org/blog/timthumb-zero-day-vulnerability-affects-hundreds-of-wordpress-themes/
For those who may want to fix it themselves you need to look for the $allowedSites variable which will be an array of domain names. You need to make it an empty array, like so;
$allowedSites = array();
We've searched all our plugins and themes and found the offending code in the Mystique theme which is part of Farms 133 Theme Pack and also Network theme. The latest updates to both fixes that so please update immediately.