WebApp Sec: "Nigerian" SPAM uses vulnerability in web applications?

From: Ed J. Aivazian <stealth_at_arminco.com>
Date: Tue, 12 Jul 2005 15:39:04 +0500

Hello list,

Today I received several spam reports and I guess they are sent
through a compromised web application of one of our customers.
The fact is I can't figure out anything from the message headers, or
from the X-abuse headers, except the exact time and my IP address.
There is no strange traffic/CPU activity at that time and I don't find
any "strange-looking" records in the Apache access and error logs.
The email message contains the following text:
---------------------------------------------
 From Engineer George Ogbedi
 Nigerian National Petroleum Corporation, (NNPC),
 P.o. Box 256 wuse2 Abuja,
 Nigerian

 Attn: Please

 I am Engr. George Ogbedi, The Director of the Contractors Award and
 Review Department with the Nigerian national Petroleum Corporation
 (NNPC). I am contacting you on this business of transferring the sum
 of US$23,615,000.00 (Twenty-three million, six hundred and fifteen
 thousand United Stated Dollars only) into a safe foreign account and
 the need is very urgent. I got your contact from the internet when i
 was searching for honest person who will assist me to receive the
 money into your bank account and it is with business trust that made
 me to contact you on this matter. I write to solicit for the transfer
 of this money into your account.

 This money was generated from an over invoiced contract sum in my
 corporation (NNPC).
 I am contacting you for your help and partnership for the following
 two reasons:
 1. As a civil servant, I am not permitted to own foreign accounts due
    to civil service code of conduct.
 2. My present financial resources as a civil servant will not be
    sufficient for me to handle the transfer alone successfully without
    financial assistance from a reliable foreign partner abroad. 20% of
    this sum would be for you as compensation for using your Bank
    account in transferring this money, 5% would be used to reimburse
    the expenses made by both parties during the processing of the
    transferring which include, telephone bills, traveling expenses and
    fees. While 75% is for me.

 Please note that I will arrange to meet with you immediately after the
 successful conclusion of the transfer, the 75% share of mine will be
 used for investment overseas. Your assistance and co-operation is
 highly needed.
 I assure you that this transaction is 100% risk free. If you are
 interested I will require your banking information as mentioned below:

 1. Name to be used as beneficiary
 2. Your private and confidential telephone/fax number(s).
 3. Your bank name and address, your bank telephone and fax number(s).
 4. Or if you are not comfortable with providing your existing account,
    you can within the shortest possible time, confidentially open an
    entirely new (Virgin) account for the transaction. I would prefer
    this arrangement. I hope to conclude this business within the next
    fourteen (14) working days.
 Looking forward to your anticipated and urgent positive response via
 this e-mail box.

 Regards
 Eng George Ogbedi.

----------------------------------------------
Does anyone have any experience of dealing with this matter, or any
ideas that can help me to resolve the situation?
Any kind of help is appreciated!
Thanks!
 
  

-- 
Best regards,
 Ed
Received on Jul 12 2005