About the virus on the BPDNews site: There was lots of confusion yesterday and a few hours of frenzied troubleshooting, but the vulnerability didn't seem to be in the Moveable Type software or in the blog level security. Apparently it was something that got into the MySQL on the host server and it was generating a call to a Russian site which then started a download of a trojan onto the user's computer.

When notified, the host provider fixed it and now things seem to be back to normal. Thanks to everyone who chipped in to help.