Unwanted Zip Files

Is there a known security leak in Ver 1.3? We are frequently getting unwanted *.zip files uploaded to our public_html directory on a Linux server. Calcolo.zip and Warrants.zip are two examples. Our hosting company does not know how they are getting there.

No known (to me, at least) security hole, but you might check the write permissions on that directory