XMB forum
I would advise all hosting providers to search for and remove the file called 'emailfriend.php'. You can look at an example here. As you can see, it doesn't take a genius to work out how to abuse this. We had someone hitting it every few seconds with dozens of email addresses, nasty stuff.
