Someone has most certainly hacked your website. How they did it, I can't say from that message. It happened to our drupal website in August using a SQL injection flaw. You need to:
1. find and clean up the hacked code
2. reset you administrator passwords and ftp/ssh passwords
3. upgrade your code to close security holes so you don't get re-hacked.
If this is on a hosted account, your provider may be able to scan your account for known hacks. This will catch files, but may not catch code inserted into content if that's how it was done. That was where ours was.