First , there are files injected into this dir :
${ubbthreads}/images/forumimages/default

Code
-rw-r--r--  1 x x    23 2011-12-18 12:09 exploit.conf
-rw-r--r--  1 x x   993 2011-12-13 11:56 cons.php
-rw-rw-rw-  1 x x 40756 2011-11-19 16:06 admin_2011.php
-rw-r--r--  1 x x 77035 2011-09-23 00:06 gold.php
-rw-rw-rw-  1 x x    34 2011-09-15 16:28 config.php

And then , I notice a lot of 'POST action' to admin_2011.php , modifying includes/header.php and includes/footer.php
That's why there's another thread complaining unwanted Google Ads shown.
I think UBBT team should take actions ASAP !

Most important of all , find out how these PHPs are injected to the directory , are there any exploits within ? (7.5.6p2)

By the way , the attacking IPs are from China : 118.253.12.77 , 101.226.33.201

If admin needs these exploit files , just tell me.

English is not my native language. I try my best to express my thought precisely. I hope you understand what I mean. If any misunderstanding results from culture gaps, I apologize first.