This is what usually happens...
1.) A trojan gets in your LOCAL machine.
2.) This trojan scraps your FTP client for login userID/password info and sends it to the mothership.
The REAL problem is on the LOCAL machine. Clean the LOCAL machine first, then change all passwords to your WP sites.