It sounds more like a server problem rather than an IPB problem... tried contacting your host?
Yeah, sorry - I was just thinking out loud really
When I went into the admin CP to send out a message about this to all memebers, I saw that there was a listing for the spam message that went out.
It looks like Ally is right, about the vulnerability which allows SQL injection.
Done a test on a test forum using the SQL Injection bug. It DOES work and can give you the login ability of any member on the forums (it does not give out passwords).
An upgrade to 2.0.4 resolves this issue. (Not going to give out details on how to perfom this).