Something happened last night that made me wonder if there might be such a thing as theme spam.

These themes were mostly produced for a design contest earlier this year. Lots of other people design themes and make them freely available. How possible is it that someone might design a trojan horse of some sort into their free theme that, when installed as the active theme, it sends out a signal to trigger comment spam to be sent to the blog that installed it?

I have comments set to go to moderation if I haven’t approved your comment before (they go there sometimes even if I have; I suspect dynamic IPs have something to do with that). I get comment spam periodically, usually in ones and twos. Last night, I got 40 comment spams. They’re easy to deal with, I picked out the two legit comments in there, marked the rest as Spam and dispatched them to wherever comment spam marked as spam gets sent. I’ve just been wondering if this theory has been tested or if it might already be reality. Anybody know?