David Barroso Berrueta has written a great article on how he got compromised by a quite sophisticated spammer. Good research and reverse engineering. The vulnerability used were in a PHP application, Gallery or Geeklog (probably the latter), that had a programming error, the "sloppy code" variety.
I've been listening to these tripppy KLF remixes all day. Highly recommended.