Robert_Charlton - 7:54 pm on Apr 6, 2013 (gmt 0)
any clue on what sites are
I'm assuming that the power spammers already are aware of the easiest targets, but I still don't want to draw a highly specific road map. Broadly, though... the sites beyond those running on "common CMS systems", the high PR hacked sites I've seen are most often nonprofits and .edus that are well-linked and highly trusted, but which lack budget and/or knowledge to install security patches and to fix things once they've been hacked. The nonprofits are often set up and staffed by volunteers.
One non-profit that I rely on for information seems to get hacked routinely. I've let them know about it, but it's all they can do to keep the organization going. And, as goodroi notes, with many of these sites it's often "near impossible to convince them [we're] trying to inform them for free and not making a sales pitch."
For those with access to Supporters, this thread might be of interest...
Massive Google Pagerank Exploit
Definitely read this Matt Cutts blog post on the problem....
Example email to a hacked site
April 27, 2012
As Matt notes in the blog post, Google can't install everybody's security patches for them. He does provide a list of resources Google has created to help.