If you visit the url (which you should obviously NOT do ;p) you get infected with a 'BotNut' trojan variant. F-Secure recognizes it as 'Backdoor.IRC.Botnut.b'. Trendmicro doesn't seem to recognize it at all (but it has some info on botnut.a online, in contrary to f-secure which has 0.0 info on botnut online).
Trojan connects to a couple of irc servers... gamesnet.com but that chan is banned, some other attempts too I guess, and also one that does work which is 213.114.171.71 port 6668 channel #botnut key botnut... running some ircserv called 'beware' using a (fake) irc serverhostname 'botnut.org' (tada! ;p).. and almost all commands are blocked (who, whois, names, userhost, mode, etc). Channel just had 3 users (of which 1 was me) when I joined btw.
Unfortunately I wasn't able to (quickly) find the spam thingy/strings itself, but I guess your filter will be just fine :).
Oh btw.. the virus uses the mshtml exploit... not very original :p.
The idea is to try and prevent things like "Someone just msged me with http://......&item=12345, what do I do?" from getting you caught. So if you set it to require all numbers, and to end with the numbers, you get less false positives.