Those of you who are members of my newsletter (if not, sign up on the right on my blog page), and anyone who follows WordPress announcements will know that there has been a worm attacking WordPress blogs that have not been updated to the latest version.
You can read the full details here, but please don’t ignore the Upgrade notice.
Backup, using a plugin like WP DB Backup (while you’re there, set it to regularly email you backups).
Why not also go to Tools > Export and backup all your post/page/comments in a smaller XML file. This can be useful too.
If you like you can backup your uploaded images via FTP in the wp-content folder, but that’s up to you.
Then Tools > Upgrade.
Some people will have to upgrade manually depending on their server setup, so here are the manual upgrade instructions.
While you’re at it, take a look at upgrading your out of date plugins too, why not?