Got hit by a mountain of comment spam last night. In this case I'm certain the content was coming from compromised sites as there were several hundred duplicate entries all coming from individual machines located across the planet and all at the same time.

Hackers have it easy these days. Modern tools give them a point-n-click interface into a bank of compromised sites. Send spam from all drones. Launch virus from all drones. Or you can select specific drones.

So you might find it strange that I'm not cursing the spammers. Sure, it's an annoyance. But this gives me a real-world test of my anti-spam tools instead of simply theoretical scenarios. None of it got through because comments on this site are moderated anyway - but I was able to uncover some patterns that I will put to use so that ultimately, more of the junk will be rejected outright and  won't even show up in the moderation queue.