Why on earth would a spammer target a search engine on your blog? Let's start from the beginning. Several years ago Google pioneered a search technique called PageRank. Basically what it does is, in addition to looking at the content of a page they index, they also look at who links to a page and what that link says. This technology is what made Google very good at returning relevant results and made it the most popular search engine today. Because their ranking system relies so heavily on PageRank people can sometimes game the system in what's called "Google Bombing."
A google bomb is when a large number of different websites link to a page with the same link text to influence the ranking of that page for a search term.
This brings us back to the spammers. A spammer might have a site that sells a "mydrug" and wants to be at the top of a search for "mydrug" on Google, so to create the effect of a google bomb they leave comments on hundreds or thousands of weblogs linking to their site with the link text "mydrug". They don't really care if you see it, in fact they'd rather you didn't because you would delete it, they just want the search engine to see it when they index your page.
Comment Moderation is very effective in addressing unwanted comments. The best defense against comment spam is just watching your comments. Under
Manage → Comments it shows a listing of the latest comments on any post and you can quickly scan the comment activity on your site. The faster you respond to comment spam on your site, the less likely the spammers will return.
On the Combating Comment Spam page you will find a list of more proactive measures against comment spam, including links to helpful plugins.
A new technique is the spammers will leave a perfectly normal-looking comment except for the commenter's URI or name. The best way to watch out for this is to visit the URIs of people who leave comments on your blog. (This is a good practice anyway.) If one looks suspicious, either delete the comment entirely or leave the comment and delete the URI.
Another way of stealth is to use a div-tag around a bundle of hundreds of links. This becomes more and more common because many software displays directly the given HTML tags and not the HTML code. To avoid this the software must "strip-out", other word: filter the HTML tags while inserting the comment into the database.
The good news is that WordPress' built-in tools and history of combatting comment spam mean that most WordPress blogs get very little spam, and when they do it's easy to address. Here's a quote from noted web author Molly E. Holzschlag about comment spam and her switch to WordPress:
My ISP refused to continue dealing with me because the server molly.com resided on was brought to its knees twice due to spam floods. I was spending up to two hours PER DAY to undo the spam much less post. Since switching to WP, I've had exactly five emails sent to me automagically for moderation. 3 of them were spam, 2 were just enthusiastic posts with multiple links from a reader.
See also : Troubleshooting comment spam