Sucuriy has announced () on his blog that more than 162 000 WordPress sites are used to cause DDOS attacks. In particular, any instance with Pingback enabled is a potential target to be part of those attacks. The funny part of the story is that the attack was discovered due to DDOS attacks against WordPress by... WordPress websites. Sucuriy has an online tool to check if your WordPress instance is used to attack other servers.
Link to article