I read about the system.multicall xmlrpc.php exploit on the sucuri blog.
I wrote a quick monitor and installed it but it didn’t catch anything. I decided to write an add-on for the Stop Spammers plugin, just in case.
Today the monitor caught about 500 hits. Each hit had a thousand id/password attempts. The add-on caught them before they could execute.
You can only get the add-on if you download the beta version of the stop spammers plugin on this site. The plugin has an add-on installation page which includes the system multicall checker.