To say these sites are compromised is a bit extreme. People who
were allowed to create profiles (i.e. this only happens to sites where
anybody can join) could take advantage of a minor XSS vulnerability to
seed google requests. Additionally there was a apparently more common
avenue of attack
Yeah, I just did a quick Google search and followed the first 150 links,
and about 70-80% of the sites have already fixed this, and return a 404
when I follow the link (if you do this, remember to turn off JS first!)
It's a minor issue, and I do think we nipped it in the bud before it