I got hit last weekend. It turns out the spammer had hijacked a small company’s Citrix server and was running the script from there, so I contacted their IT dept. that Monday and let them know that they’d been cracked and that their reputation was at risk.