So, one day, I noticed one of my servers was sending a ton of emails out to dodgy looking ….@mail.ru or ….@list.ru addresses. UH OH!
At first I thought the mail server on my webserver had been compromised. On further investigation I managed to see to that the contents of these mails were account registration validation emails. Looking in the Magento admin (Customers>Manage Customers) I saw them…thousands of new customer registrations – with Russian copy in the name fields and, on the whole [something]@mail.ru or [something]@list.ru addresses but also some with [something]@gmail.com.