Site was hacked
So it turns out that updating your WordPress code on a fairly regular basis (or more regular than every 2 years) is somewhat advisable, or you may find lots of your code containing links to Russian web sites. Sorry for anyone who hit the site and found a virus alert.
In order to remove that garbage I’ve gone back to a clean install of WordPress. All of the content – good, bad, and potentially outdated – is still here, and I haven’t found any evidence of problems in the actual WordPress database yet, but I haven’t spent too long digging through it. Until I can find the free time (ha!) to verify everything is still ok I’ll be leaving the site with this fugly default theme. I have a an entirely new, custom theme in progress so I imagine I’ll just move the site to that layout once I finish it up.