There has been a recent spat of spam lately on WP-based blogs where the spammer was sending in comment after comment after comment. Based on what I've seen here, it looks like someone was targeting people by sending a POST command to the blog, adding 1 to the post id each time. This resulted in a large amount of span on existing posts, and it seems, on posts that don't exist. In the case of the post not existing, if the spammer hit a number that the blogger hasn't reached yet, the post will seem to be spammed "automatically" as soon as the post is published.
I've figured out a fix for it. If anyone wants it, they can find it in this thread here: http://wordpress.org/support/3/15514
Hope it helps to alleviate some of the problems we've been having.