Wow, that guy (krisbarteo) sure is busy! Just wondering... would it be simplemachine's business to blast an email to all known SMF installations warning them about this guy? You'd have to be careful to phrase the warning in such a way that it's not legally an accusation (libelous) telling boards to dump this guy, but rather a pointer to discussions such as this one. That user name is going on my ban list right away!
That being done, do we yet know what vulnerability he exploited? Was it in a browser? Was it SMF permitting unrestricted file types for avatars?
Add:
I thought about adding code to ban particular user names, but figured that they'd just register under some other name. If the problem is that their avatar image contains some kind of booby trap, what is the nature of the beast? Are they uploading a .php file as the avatar? In that case, a simple check on permitted extensions should fix the problem. Are they uploading a legitimate extension (.jpg, .png, .gif, etc.) and it somehow contains malicious code? Could SMF scan for certain strings in an avatar image before accepting it? If not, could new avatars be uploaded to a different directory and quarantined awaiting Admin inspection and movement into the production directory? I assume that it's not a browser vulnerability to embedded code (I think I recall such a thing a few years back), but somehow code that gets run on the server?
If this information isn't suitable for public dissemination, but you would like to request my help in coding something to fight this attack, please feel free to PM me with details.
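
The checks the post above asks about (permitted extensions, a scan for suspicious strings, quarantine pending admin review), sketched in PHP as an added example. It is not part of the original post and not SMF code; the function names, the string list and the `.pending` suffix are assumptions, and the sample files are constructed.

```php
<?php
// Added example with hypothetical helper names; not SMF code.

// Permitted avatar extensions mapped to the leading bytes each format must have.
const AVATAR_MAGIC = [
    'jpg'  => "\xFF\xD8\xFF",
    'jpeg' => "\xFF\xD8\xFF",
    'png'  => "\x89PNG\r\n\x1A\n",
    'gif'  => 'GIF8',
];
// Strings with no business inside an image; a heuristic, not a guarantee.
const AVATAR_SUSPECT = ['<?php', '<?=', '<script', 'eval('];

// Returns a list of problems; an empty list means "accept into quarantine".
function avatar_problems(string $filename, string $bytes): array
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset(AVATAR_MAGIC[$ext])) {
        return ["extension '$ext' is not permitted"];
    }
    $problems = [];
    $magic = AVATAR_MAGIC[$ext];
    if (strncmp($bytes, $magic, strlen($magic)) !== 0) {
        $problems[] = "content does not start like a $ext file";
    }
    foreach (AVATAR_SUSPECT as $needle) {
        if (stripos($bytes, $needle) !== false) {
            $problems[] = "contains '$needle'";
        }
    }
    return $problems;
}

// Quarantine name: random and server-chosen, never the uploader's file name.
function quarantine_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext . '.pending';
}

// Constructed samples: a clean GIF header, the same header with PHP appended,
// and a script uploaded directly as the avatar.
$samples = [
    'cat.gif'    => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'trick.gif'  => "GIF89a\x01\x00\x01\x00<?php echo 1; ?>",
    'avatar.php' => "<?php echo 1; ?>",
];
foreach ($samples as $name => $bytes) {
    $p = avatar_problems($name, $bytes);
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    echo $name, ': ', $p ? 'REJECT (' . implode('; ', $p) . ')'
                         : 'quarantine as ' . quarantine_name($ext), "\n";
}
```

A string scan can miss payloads and flag innocent files, so admin review of the quarantine directory remains the deciding step.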