A TheReg article confirms what we've all suspected (if not known for sure) for some time: viruses "call home" from infected PC's, and the writers - or the managers of the trojan network thus created - give or sell the addresses of the drones to spammers.
Another thought-provoking Virtuelvis article: Internet Explorer is the problem. While I do not completely agree, still I think that IE and a couple of related programs have gone a *long* way towards dumbing down users to the point that the vast majority of users are either absolutely unaware of most of the risks lurking on the Internet, or - even scarier - absolutely unconcerned, because it could never happen to them.
I really think I may write a bit more on the subject tomorrow, but right now, I'm already kinda sorta late for the first class of the Network Security course for the second semester.
I think I'll write something more about this in my blog proper, but for the present, here's a great write-up by Mark O'Neill about web application security, SQL Injection, and the curse of the O'Neills. Thanks to Tony Bowden.
Update: As it turns out, this is just one illustration in a book called Unix Network Administration Guide for PC Unix-like OS's - Linux, *BSD, etc. Quoting Norikatsu Shigemura, "Its sales point is to contain many cute illustrations, in-depth and maniac descriptions and comments, and talking with girls (called scene)." Sounds like a good read, pity it seems to be in Japanese :)