The situation escalated four days ago and could be followed in this thread in the Hostgator forums. After hard work and two days, Hostgator could announce that the cause of the issue had been found and a permanent fix was applied.

Now, Hostgator didn't do anything special to get attacked, and the attackers could just as well have targeted all the other thousands of servers running Cpanel. It also took 2 days to solve the issue. Combine that with reports that Cpanel patches didn't work and we have one of the most, if not the most serious cracker attacks targeting the shared web hosting industry. This could have been a lot worse.

As of now, all web hosts running Cpanel should have applied the patches and we can only wait for the next attack. Those who are still using Internet Explorer are not safe, because the exploit in VML handling has not been patched by Microsoft (not that it's the only unpatched hole in there...) and exploit code could float around other places. The Secunia report for the VML hole in Internet Explorer should be of interest.