Attack of the zombie bots

There hasn't been much press about it, but many websites (including this one) are increasingly under attack from zombie armies: clusters of Windows PCs that have been infected by viruses that allow them to be commanded and controlled remotely by spammers.

Typically a virus installs a "back door" on an infected PC that allows it to respond to remote commands. These commands are relayed through Internet chat systems in a chain designed to disguise the identity of the spammer.

Sometimes they're used to send email, but that's becoming increasingly difficult as Internet providers block direct outgoing email from their networks.

So the current hot ticket is to post blog spam. The trick involves gaming Google's search algorithm, which raises the "value" of any Web page depending on the number of links to that page. Links from other "valuable" pages are especially powerful, so spammers try to target well-regarded websites.

Earlier tonight I killed five or six hundred spam postings that were full of links to porn and scam sites. If you wonder why I don't allow immediate direct postings of comments, that's the reason.

These postings come in bursts, and the bursts can force a website to its knees, particularly if they are malformed requests. Some of our servers at work have seen thousands of automated requests simultaneously.

The latest twist is harvester bots that grab text from blog postings, insert links to spam sites, and post the result to fake blogs at Blogger.com. I have an RSS feed from Icerocket that helps me monitor blog postings that refer to me. Lately I've been finding my own words picked up and pasted together with blog spam links on fake blogs.

The irony is that none of this really helps the spammers. Google does a pretty good job of ignoring those spam blogs, and most legitimate blog software now puts a rel="nofollow" attribute on comment links, which instructs Google to ignore the links.
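
The nofollow mechanism described above, as an added example that is not part of the original post or taken from any blog package: a Python sketch that rewrites submitted comment HTML so every link carries rel="nofollow" and collects the link targets for moderation. The names NofollowRewriter and add_nofollow and the sample comment are assumptions made up for illustration.

```python
from html import escape
from html.parser import HTMLParser

class NofollowRewriter(HTMLParser):
    """Re-emit comment HTML with rel="nofollow" forced onto every <a> tag.
    Hypothetical helper for illustration, not code from any blog package."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # rewritten markup fragments
        self.links = []  # hrefs seen, e.g. for a moderation queue

    def _emit(self, tag, attrs, close=""):
        if tag == "a":
            rel, kept = set(), []
            for name, value in attrs:
                if name == "rel":   # keep existing tokens such as "external"
                    rel.update((value or "").lower().split())
                else:
                    kept.append((name, value))
                    if name == "href":
                        self.links.append(value or "")
            rel.add("nofollow")
            attrs = kept + [("rel", " ".join(sorted(rel)))]
        # The parser unescapes attribute values, so escape them again on output.
        rendered = "".join(
            f" {n}" if v is None else f' {n}="{escape(v, quote=True)}"'
            for n, v in attrs)
        self.out.append(f"<{tag}{rendered}{close}>")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, " /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def add_nofollow(comment_html):
    """Return (rewritten_html, list_of_link_targets)."""
    parser = NofollowRewriter()
    parser.feed(comment_html)
    parser.close()
    return "".join(parser.out), parser.links

# Constructed sample comment, not taken from a real spam posting.
SAMPLE = '<A HREF="http://spam.example/?a=1&amp;b=2" rel="external">pills</A> &amp; more'
```

This only marks links for search engines; it does not decide which tags a comment may contain, so it belongs after whatever HTML filtering the blog already applies.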