ALGERIAN HACKERS ATTACK
A comment under the previous entry linked to a report that spam is being sent from hacked WordPress sites.
WordPress is a leader in its category. But with a few clicks one can install additional, independently developed extensions. I once had to look into the code of a few of them and noticed that the code quality sometimes lagged far behind the plugin's popularity.
Yesterday I accidentally landed on another hacked WordPress site (see the screenshot alongside). Contrary to the declaration, the attack was not harmless: the hackers changed not only some files but also service passwords.
No one can deny facts. Free scripts have, apart from their pros, specific cons as well. The issue deserves its own article, so in the meantime I'd like to encourage owners of WordPress-based blogs to stay alert and pay close attention to any unusual behavior of their systems. “Paid hosting doesnt mean that you are secured!”, to quote these Sector Dz Algerian hackers.
The owner of the attacked blog, when asked for details, kindly shared the list of changed files. These were Parallelus Vellum theme files: index.php, 404.php, archive.php, archive-portfolio.php, author.php and checkbox-bool-type.php.
Besides changing existing passwords, the attackers added a database user named (who would have guessed?) “root”.