If you have any additional hacks installed in VB such as the ability for users to create their own pages on your site as well as other similar hacks then its really simple for users to take advantage of your sendmail scripts... Try installing any vbulletin updates and check all scripts please secure your site before attempting to take revenge
Even without hacking the site, its simple to pm everyone and email everyone on your site especially if you have the member list option enabled...