A timely article from Infoworld about the University of California San Diego's analysis of a million messages/week revealed that the URLs inside the spam messages are vulnerable.

94% of messages referred to the same URL where the site of the spammer is hosted. Paper.

 

Edit