We detected a PHP Bot used to brute force *SQL databases (both internal and external). It is often hidden in the filesystem and hard to find without access to the server or logs.
We see those spam files often related with Phishing and or DoS (denial of service) attacks, using the compromised server as part of their botnet.
Any compromised web site.
Clean up: You can also sign up with us and let our team remove the malware for you.