A lot of us with vB boards got hit a month or so ago. I got hit twice - about a week apart between the attacks. I hadn't taken an action that they suggested in an e-mail (deleting the install folder). BUT they didn't make the issue sound very urgent. In hindsight that was a big error on my part.
After the attacks one of the things I did that seems to have helped a lot is locking all admin type directories with .htaccess - not just on my vB site but on all my sites - Wordpress blogs, tube sites, etc. I have to do two logins now to get to admin areas, but it makes it hard enough for hackers that they'd rather move on to other sites that are easier to hack.