WMT alerts for sites which are [unknowingly] using SpamWare themes/plugins

would a webmaster get a "hacked alert" for having hidden links on their site via a known [to google] spamdropping CMS template or plugin, or something else?

Would the victim ever get a penalty?

I'm wondering does google fingerprint these things and not penalise the "victims"? CMS Theme makers putting hidden spam links in their plugins/sites is sadly becoming way too common, I'm wondering who suffers in these cases...

thoughts?

 

if your site is hacked and if any malicious code is injected on the site that either redirects the site to somewhere else or distributes malware, then you will get a warning in the WMT