FYI, I migrated a WP site last week from a blog subdomain up to
virtual root, and watching a 404 Redirected log, this morning had over
150 scans for timthumb.php with various themes...plus 1 looking for
uploadify with zcool-like theme. I know the plugin and many themes are
fixed, but here's one site that just got hit recently via an old
timthumb:
http://www.psfk.com/2012/02/piers-fawkes-about-psfk-malware.html