Spammers are hijacking legitimate Web sites to disguise their traffic and throw off anti-spam and anti-virus filters.

Security company Sophos, Inc. issued an advisory
Thursday morning, warning IT managers and Web masters that spammers
have a new trick up their sleeves. Using PHP vulnerabilities, they are
hacking into various Web sites and patching their own traffic through
them.

Story continues at informationweek.com