However, for y'all's amusement, here's the portscan I did of one of the spamming hosts in question:

    Starting nmap 3.20 ( www.insecure.org/nmap/ ) at 2003-04-13 19:00 PDT
    Interesting ports on 24.196.192.51:
    (The 1569 ports scanned but not shown below are in state: closed)
    Port       State       Service
    18/tcp     filtered    msp
    20/tcp     filtered    ftp-data
    21/tcp     filtered    ftp
    25/tcp     filtered    smtp
    79/tcp     filtered    finger
    80/tcp     filtered    http
    81/tcp     filtered    hosts2-ns
    110/tcp    filtered    pop-3
    119/tcp    filtered    nntp
    135/tcp    filtered    loc-srv
    136/tcp    filtered    profile
    137/tcp    filtered    netbios-ns
    138/tcp    filtered    netbios-dgm
    139/tcp    filtered    netbios-ssn
    140/tcp    filtered    emfis-data
    143/tcp    filtered    imap2
    443/tcp    filtered    https
    445/tcp    open        microsoft-ds
    465/tcp    filtered    smtps
    563/tcp    filtered    snews
    1025/tcp   open        NFS-or-IIS
    1080/tcp   filtered    socks
    5000/tcp   open        UPnP
    6000/tcp   filtered    X11
    6346/tcp   filtered    gnutella
    6502/tcp   filtered    netop-rc
    6547/tcp   filtered    PowerChutePLUS
    6548/tcp   filtered    PowerChutePLUS
    6558/tcp   filtered    xdsxdm
    6588/tcp   filtered    analogx
    6666/tcp   filtered    irc-serv
    6667/tcp   filtered    irc
    6668/tcp   filtered    irc
    6699/tcp   filtered    napster
    8080/tcp   filtered    http-proxy
    12345/tcp  filtered    NetBus
    12346/tcp  filtered    NetBus
    16959/tcp  filtered    subseven
    27374/tcp  filtered    subseven
    27665/tcp  filtered    Trinoo_Master
    31337/tcp  filtered    Elite
    54320/tcp  filtered    bo2k

    Nmap run completed -- 1 IP address (1 host up) scanned in 29.055 seconds

That's a whole lot of suspicious ports open, especially when 31337 and 54320 (Back Orifice 2000) ports are mentioned as being filtered, as are the various IRC ports. That stinks of a whole lot of trouble. Sigh.