That’s a hard question to answer, because there are several things to consider.
The first thing to do is to try to determine if your blog has been hacked. Manually browsing through your database for unfamiliar data is a good way to check, and there are WP “security scan” plugins about that can help (see WordPress forums, planet.wordpress.org, and the codex, for more information on how to tell if you have been exploited).
I’ve just been through “resurrecting” a blog for a client that refused to keep her site updated, and was hacked. It can be tricky business, as you need to have a “clean” database to use for the upgrade, and with a version as old as the one you are using, you may have to do a series of database upgrades or “fool” the database upgrader by twiddling the version numbers.
This is “less than trivial”, so you might want to enlist some help if you are not comfortable directly manipulating your database and possibly going “off the reservation” (using techniques not described in the “routine” upgrade instructions) in doing the multi-version upgrade.
The very first step is to try to get a “good” version of your database that you are sure is free of “suspect” content. It took me several hours to locate the “best” of my client’s “backup” databases (she didn’t even notice the “hack” at first), and once I had found that, a couple more hours to thoroughly search it for bad stuff and purge what I found. You MAY be able to recover a “last known good” database via the DH panel, but they don’t keep versions for long, so if this problem has been ongoing, all the databases they have may be “bad” (They’ll likely “work” but they may have the hacked data in them).
This is one reason why you should regularly back up, and keep several backups, of your database. You can always “re-install” the code for your blog (WordPress itself), but you most likely don’t want to start over with your blog.
What is the URL for your blog? Maybe by looking at it “in the wild”, one of the “experts” here can spot the problem or determine if your site was compromised, and that might help you decide how to proceed.
At any rate, if you can get a good database copy (using phpMyAdmin or other MySQL tools), then yes you should upgrade. How far you upgrade is up to you - 2.5 is the latest and is the most secure, but some folk are having problems with the new flash image/media uploader that have NOT yet been resolved. Because of this, you may want to hold off on 2.5 and stay with 2.3.3 so you can know you can still use WordPress to upload media (which is really discouraging as there are identified security weaknesses in 2.3.3).
Alternately, you could TRY a “one-click” 2.5 install as a test with a subdomain, and if the uploader works for your O/S, browser, and flash versions, then go with that!
It is a pain to upgrade, I know, but it is guaranteed to be a bigger pain to “unbork” a “borked” blog should it be exploited.