While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those websites were on IIS servers. When I see these patterns, I try to dig deeper and figure out what else those websites have in common. This time I revealed quite a few GoDaddy Windows servers have been pwned by “replica spam” hackers.
more here.........http://blog.sucuri.net/2014/12/iis-compromised-godaddy-servers-and-cyber-monday-spam.html
more here.........http://blog.sucuri.net/2014/12/iis-compromised-godaddy-servers-and-cyber-monday-spam.html