Sunday, January 22, 2012

The Look

I had an issue with my server this evening. Actually, it's been going on for a few days. There was a big surge in traffic, so I started investigating. Most of the traffic was email, so I did some digging.

Found a rogue php file. It's hashed, so I'm not exactly sure how it works, but simply put, it appeared to allow mail to be sent via a call to the rogue page. Quite clever really; it shows how increasingly intelligent these attacks have become. In the past it used to be script kiddies automatically scouring using penetration tools. Now they are targeting holes in existing websites and injecting rogue code.
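One defender-side check that fits this kind of find, as an added example that is not the author's own code: a Python scanner that walks a web root and flags PHP files combining an obfuscation indicator (an `eval`/`base64_decode`-style call or a long encoded blob, the "hashed" look described above) with a mail-sending call. The sample web root, file names, and indicator patterns are constructed for the example and are assumptions, not anything taken from the compromised server.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators of encoded/obfuscated PHP and of mail-sending capability.
# A file showing both is the shape of rogue mailer the post describes.
OBFUSCATION = re.compile(
    r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I
)
MAIL_CALLS = re.compile(r"\b(mail|mb_send_mail)\s*\(", re.I)
LONG_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")  # long base64-looking run


def scan_php_file(path):
    """Return the list of indicator names found in one PHP file."""
    try:
        text = Path(path).read_text(errors="replace")
    except OSError:
        return []
    hits = []
    if OBFUSCATION.search(text):
        hits.append("obfuscation")
    if LONG_BLOB.search(text):
        hits.append("encoded-blob")
    if MAIL_CALLS.search(text):
        hits.append("mail")
    return hits


def scan_webroot(root):
    """Walk a web root and return {relative_path: indicators} for PHP files
    that show a mail indicator together with an obfuscation indicator.
    A plain contact form that only calls mail() is deliberately not flagged."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            full = os.path.join(dirpath, name)
            hits = scan_php_file(full)
            if "mail" in hits and ("obfuscation" in hits or "encoded-blob" in hits):
                findings[os.path.relpath(full, root)] = hits
    return findings


def build_sample_webroot():
    """Constructed sample tree (assumption, not a real site): one benign
    contact-form handler and one file resembling an encoded rogue mailer."""
    root = tempfile.mkdtemp(prefix="webroot-")
    Path(root, "contact.php").write_text(
        "<?php\n"
        "// benign: a plain contact form handler\n"
        "if ($_POST) { mail('admin@example.com', 'Contact', $_POST['msg']); }\n"
    )
    Path(root, "images").mkdir()
    blob = "QUJD" * 60  # constructed base64-looking payload, 240 chars
    Path(root, "images", "x.php").write_text(
        "<?php\n"
        f"eval(base64_decode('{blob}'));\n"
        "mail($to, $subject, $body);\n"
    )
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for rel, hits in scan_webroot(sample_root).items():
        print(rel, hits)
```

The scanner is meant to be run over a web root (or a nightly copy of it) and compared against the previous run; the benign contact form shows why the mail indicator alone is too noisy to act on and why the obfuscation indicator is what narrows it down.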

I guess that a sysadmin's life never gets any easier.

