Six months ago, in July 2012, I wrote about "Hacked E-mails and Web Sites Pushing Weight Loss Drug Spam."
Now in January 2013, hackers and scammers are up to the same tricks.
(If you believe you may have been victimized, you can skip to the bottom for suggestions.)
I've recently received three e-mails from two hacked Yahoo! accounts owned by people I know. Each e-mail contained only a link and no explanatory text, and the subject line was blank.
In each case, the link address contained a directory called "wp-content", which indicates that all these spammed pages were hosted on hacked WordPress blogs (although I later discovered other hacked sites without wp-content in the URL).
At least one of these hacked blogs was using an outdated version of WordPress (3.3.1). One site didn't display the version number. Surprisingly, the third hacked site was actually running the current version of WordPress (3.5). Most often, when I've seen hacked WordPress sites, they've been running an old version of WordPress for which there are publicly disclosed vulnerabilities.
If a victim clicks on the link in one of these e-mails that appears to be from someone they know, they are taken to a page that either says "You see this page because one of your friends have invited you. Page loading, please wait...." or automatically redirects, either right away or after 1 to 5 seconds.
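A mail-filter heuristic for the pattern described above (blank subject, a body that is nothing but one link, and often a "wp-content" path), as an added example that is not from the original post. The `assess` function, the signal names and the sample messages are constructed for illustration; because some of the hacked sites had no wp-content in the URL, that check only adds context and is not required for a match.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+", re.I)

def assess(raw):
    """Return (signals, quarantine) for one raw RFC 822 message."""
    msg = message_from_string(raw, policy=default)
    subject = (msg["Subject"] or "").strip()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().strip() if part else ""
    urls = URL_RE.findall(body)
    leftover = URL_RE.sub("", body).strip()  # any text besides the link(s)

    signals = []
    if not subject:
        signals.append("blank-subject")
    if len(urls) == 1 and not leftover:
        signals.append("link-only-body")
    # Supporting signal only: a path typical of a WordPress install.
    if any("/wp-content/" in urlsplit(u).path.lower() for u in urls):
        signals.append("wp-content-path")

    # Blank subject plus link-only body is the core pattern; sender identity
    # is deliberately ignored because the mail comes from a real contact.
    quarantine = {"blank-subject", "link-only-body"} <= set(signals)
    return signals, quarantine

# Constructed sample messages (not real mail or real URLs).
HEAD = "From: friend@example.com\nTo: me@example.net\n"
SAMPLE_WP = HEAD + "Subject:\n\nhttp://blog.example.org/wp-content/themes/x/page.html\n"
SAMPLE_OTHER = HEAD + "Subject:\n\nhttp://shop.example.org/images/page.html\n"
SAMPLE_NORMAL = HEAD + ("Subject: Photos from Saturday\n\n"
                        "Here are the pictures: http://example.com/album/42\n")

if __name__ == "__main__":
    for name, raw in [("wp", SAMPLE_WP), ("other", SAMPLE_OTHER),
                      ("normal", SAMPLE_NORMAL)]:
        print(name, assess(raw))
```
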
Read more: http://security.thejoshmeister.com/2013/01/hacked-e-mails-and-web-sites-pushing.html