recieved some weird emails today from DataBaseHackedHosts@host.de, so i had to start to investigate.
seems like the wordtube plugin was open to an exploit. if you use the same plugin, do so as well (instructions) — several other sites were killed.
my hoster was not very helpful. this was their response when i called them: “change passwords and upgrade your cms”.