Each day, when we review our spam feeds, we see links to hundreds of hacked or compromised websites that are used to serve as hosts for spam content, such as images, redirect scripts or malicious IFrames. Often these websites have had code appended to the end of each file or have had new HTML or PHP files uploaded to them. For example, here is a spam email sent by the Pushdo botnet. Three of the four links in this email lead to the same compromised website.
Below are two common examples of files that have been uploaded to compromised websites.
An analysis of the ACH spam campaign
Massive Rise in Malicious Spam
‘Just applied for my own @facebook.com email account’ Phish Spreading
Can’t Believe A Girl Did This Because of Justin Bieber? You Shouldn’t
RapidShare.com – The Phishing Begins