A security flaw has been discovered in just about every Android phone running 2.2 & upwards that can be executed via a malicious MMS
Google has issued a patch, but it's down to the phone manufacturers to roll it out. In the meantime, one thing you really ought to do is disable the auto retrieve MMS in your settings. That should stop any nasties getting in through that door. If i find a list of manufacturers rolling out the patch, I'll post it here.