The newest version of the Santy Worm, Santy.e, is threatening more web sites which use PHP scripting to produce dynamically database generated pages. The Santy Worm first surfaced last week, targeting sites which use the phpBB bulletin board/forum service.
http://www.searchenginejournal.com/index.php?p=1190
It's looking like other php based sites are vunerable. You will need to be careful about how you use requre() and include() statements.