Been hitting my sites too.

Probably the most useful thread is [webmasterworld.com...] but apart from that we are still in the dark it seems.

I don't like unknown bots :(

I think that it is a spider with the only purpose to find e-mail to send a spot for TrafficMagnet ( www.Traffic-Magnet.net ) which is a SEO service.
The owner of the IP of the spider and the IP of the commercial mail is the same:
CAPITALNETWORK
Capital Network Co. Ltd

Bingo! Good find.
Search the APNIC Whois databaseSearch results for '202.108.221.165' inetnum 202.108.218.0 - 202.108.223.255
netname CAPITALNET
descr Capital Network Co. Ltd
country CN
admin-c LY111-AP, inverse
tech-c LY111-AP, inverse
mnt-by MAINT-CHINANET-BJ, inverse
changed suny@publicf.bta.net.cn 20010416
source APNIC

Doesn't look friendly to me...

GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+/?
Host: nnn.nnn.nnn.nnn
Accept: text/html, */*
User-Agent: Mozilla/3.0 (compatible; Indy Library)

That's the first time I've seen this bot appearing to search for security holes.

I may be wrong, but judging by what has happened over the past few weeks it looks like whoever runs the bot has just been hit with the Nimda virus...