My two sites (v7.22 & v7.25) have been hacked.
I've just now received an email from the provider about fake emails being sent from my VPS account.
I could find infections within my two Drupal sites.
I've even found these lines in the error log of one site, their timestamps matching the modification time of the infected files:
[Thu Oct 23 06:46:09 2014] [error] [client 62.76.187.163] PHP Fatal error: Class 'Drush_CommandTestCase' not found in /home/myaccount/public/www.mysite.com/public/sites/all/modules/devel/develDrushTest.php on line 9
[Thu Oct 23 06:46:09 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/sites/all/modules/views/theme/views-view-grouping....
[Thu Oct 23 06:46:10 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/modules/poll/poll-vote.tpl.php
[Thu Oct 23 06:46:10 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/sites/all/modules/advanced_forum/styles/naked/adva...
[Thu Oct 23 06:46:11 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/sites/all/modules/webform/templates/webform-confir...
[Thu Oct 23 06:46:13 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/modules/forum/forum-icon.tpl.php
[Thu Oct 23 06:46:14 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/modules/aggregator/aggregator-summary-item.tpl.php
[Thu Oct 23 06:46:14 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/sites/all/modules/advanced_help/advanced-help-popu...
[Thu Oct 23 06:46:15 2014] [error] [client 62.76.187.163] PHP Fatal error: Call to undefined function db_create_table() in /home/myaccount/public/www.mysite.com/public/modules/simpletest/tests/upgrade/drupal-6.filled.d... on line 26
[Thu Oct 23 06:46:16 2014] [error] [client 62.76.187.163] PHP Fatal error: Class 'ctoolsNotCachedPluginArray2' not found in /home/myaccount/public/www.mysite.com/public/sites/all/modules/ctools/tests/plugins/not_cached/... on line 7
[Thu Oct 23 06:46:17 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/sites/all/modules/site_map/site-map.tpl.php
[Thu Oct 23 06:46:18 2014] [error] [client 62.76.187.163] client denied by server configuration: /home/myaccount/public/www.mysite.com/public/sites/all/modules/calendar/theme/calendar-week-ove...
I've changed my account name to myaccount and the site name to mysite.com.
It looks like some Drupal exploit.
The infection files look like:
mysite.com/public/modules/poll/poll-vote.tpl.php
mysite.com/public/modules/simpletest/mfw.php
mysite.com/public/modules/simpletest/tests/upgrade/drupal-6.filled.database.php
mysite.com/public/modules/block/tests/diff.php
mysite.com/public/modules/taxonomy/gwaa.php
mysite.com/public/modules/locale/locale.api.php
mysite.com/public/modules/locale/tests/translations/option.php
mysite.com/public/modules/dashboard/dashboard.api.php
mysite.com/public/modules/aggregator/aggregator-summary-item.tpl.php
mysite.com/public/modules/aggregator/aggregator.api.php
mysite.com/public/modules/forum/forum-icon.tpl.php
mysite.com/public/sites/all/modules/views/plugins/views_wizard/views_ui_base_views_wizard.class.php
mysite.com/public/sites/all/modules/views/theme/views-view-grouping.tpl.php
mysite.com/public/sites/all/modules/advanced_forum/styles/naked/advanced-forum.naked.topic-legend.tpl.php
mysite.com/public/sites/all/modules/flag/plugins/content_types/flag_link/header.php
mysite.com/public/sites/all/modules/devel/develDrushTest.php
mysite.com/public/sites/all/modules/advanced_help/advanced-help-popup.tpl.php
mysite.com/public/sites/all/modules/link/object.php
mysite.com/public/sites/all/modules/beautytips/other_libs/colorpicker/code.php
mysite.com/public/sites/all/modules/calendar/theme/calendar-week-overlap.tpl.php
mysite.com/public/sites/all/modules/rules/rules.api.php
mysite.com/public/sites/all/modules/variable/variable.api.php
mysite.com/public/sites/all/modules/date/date_views/footer.php
mysite.com/public/sites/all/modules/date/date_api/theme/start.php
mysite.com/public/sites/all/modules/date/date_popup/config.php
mysite.com/public/sites/all/modules/date/date_migrate/list.php
mysite.com/public/sites/all/modules/site_map/site-map.tpl.php
mysite.com/public/sites/all/modules/easy_social/templates/stats.php
mysite.com/public/sites/all/modules/webform/templates/webform-confirmation.tpl.php
mysite.com/public/sites/all/modules/hierarchical_select/tests/article.php
mysite.com/public/sites/all/modules/ctools/stylizer/plugins/export_ui/info.php
mysite.com/public/sites/all/modules/ctools/help/option.php
mysite.com/public/sites/all/modules/ctools/plugins/access/ajax.php
mysite.com/public/sites/all/modules/ctools/plugins/content_types/node_form/stats.php
mysite.com/public/sites/all/modules/ctools/plugins/export_ui/ctools_export_ui.class.php
mysite.com/public/sites/all/modules/ctools/tests/db.php
mysite.com/public/sites/all/modules/ctools/tests/plugins/not_cached/ctoolsNotCachedPluginArray.class.php
mysite.com/public/includes/database/pgsql/inc.php
mysite.com/public/themes/garland/images/view.php
Of my dozen sites, only the two Drupal sites have these. One is v7.22 while the other is v7.25. I've also gone through this: http://drupal.stackexchange.com/questions/85681/my-drupal-7-22-site-got-... .
**What could be the vulnerability in Drupal?**
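As an added example (not code from the question or its answers), a small Python triage script for error-log lines in the format quoted above: it separates files Apache refused to serve ("client denied by server configuration", which is Drupal's .htaccess FilesMatch rule blocking direct requests for *.tpl.php) from files PHP actually started executing (the "PHP Fatal error ... in <file>" lines), and flags any client that touches several such files within a short window. The sample log, client addresses and docroot are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Apache 2.2 error_log format quoted in the question;
# documentation-range IP and placeholder docroot, not real indicators.
SAMPLE_LOG = """\
[Thu Oct 23 06:46:09 2014] [error] [client 192.0.2.10] PHP Fatal error: Class 'Foo' not found in /var/www/site/sites/all/modules/devel/develDrushTest.php on line 9
[Thu Oct 23 06:46:09 2014] [error] [client 192.0.2.10] client denied by server configuration: /var/www/site/sites/all/modules/views/theme/views-view-grouping.tpl.php
[Thu Oct 23 06:46:10 2014] [error] [client 192.0.2.10] client denied by server configuration: /var/www/site/modules/poll/poll-vote.tpl.php
[Thu Oct 23 06:46:15 2014] [error] [client 192.0.2.10] PHP Fatal error: Call to undefined function db_create_table() in /var/www/site/modules/simpletest/tests/upgrade/drupal-6.filled.database.php on line 26
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] (?P<msg>.*)$")
# "client denied by server configuration": Apache blocked the request (Drupal's
# .htaccess FilesMatch covers *.tpl.php), so this request did not run the file.
DENIED_RE = re.compile(r"client denied by server configuration: (?P<path>\S+)")
# A PHP fatal error names the file PHP had already started executing.
FATAL_RE = re.compile(r"PHP Fatal error: .* in (?P<path>\S+) on line \d+")
TS_FMT = "%a %b %d %H:%M:%S %Y"

def parse(log_text):
    """Yield (timestamp, client_ip, kind, path) for lines that name a PHP file."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        d = DENIED_RE.search(m["msg"])
        if d:
            yield ts, m["ip"], "denied", d["path"]
            continue
        f = FATAL_RE.search(m["msg"])
        if f:
            yield ts, m["ip"], "executed", f["path"]

def triage(log_text, min_paths=3, window_s=60):
    """Return {ip: {"executed": [...], "denied": [...]}} for clients that touched
    at least min_paths distinct PHP files within window_s seconds (a sweep)."""
    by_ip = defaultdict(list)
    for ts, ip, kind, path in parse(log_text):
        by_ip[ip].append((ts, kind, path))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        span = (events[-1][0] - events[0][0]).total_seconds()
        if len({p for _, _, p in events}) >= min_paths and span <= window_s:
            report[ip] = {kind: sorted({p for _, k, p in events if k == kind})
                          for kind in ("executed", "denied")}
    return report
```

Every path in the report, executed or denied, is a file to diff against a clean copy of the same Drupal release; the "executed" ones are the backdoors that were reachable despite .htaccess.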
Comments
Are you sure it's a Drupal exploit and not a server exploit?
You do not say how the files are infected, but generally that type of infection means server access and the ability to find and edit the files.
You need to upgrade the core to v7.32.
If you are running sites based on v7.22 and v7.25, then you're vulnerable. Read these two advisories, upgrade and then look for backdoors left behind:
- gisle