Scary stuff -- the techie details of the trojan discussed in the NYT article today -- Reverse-Proxy Spam Trojan - Migmaf (LURHQ):
LURHQ was able to obtain a copy of the trojan - detected from suspicious activity originating from a VPN user on a firewall on a network we monitor. What we found was the trojan was not a webserver at all, but instead: a reverse proxy server. Instead of hosting the content on the victim's computer, the spammer instead maintained a 'master' webserver. We have dubbed this trojan 'Migmaf'.