Tim Thomson wrote:
Further to this, most (if not all) of the pinging machines are listening on ports 707 and 1025 (as well as 139, often).
Then perhaps this report might shed some light.

<snip>
WORM_MSBLAST.D

Description:

TrendLabs has been receiving several infection reports of this new variant of WORM_MSBLAST.A
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST....

It usually arrives as DLLHOST.EXE (~10,240 bytes) and opens port 707, for its malicious routines.

(Note: There is a normal system file with the name DLLHOST.EXE but is only 6 kilobytes in size.)
</snip>

New variant of the MSBLAST virus. Haven't had a good look at this as I've only just finished work and sleep is the most important thing on my mind right now.

--
Gavin Grieve
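
A host-triage check built from the indicators in the quoted report (port 707, a DLLHOST.EXE of about 10,240 bytes versus the 6-kilobyte normal file), added here as an example and not part of the original post or the TrendLabs report. The netstat text, file paths and the 512-byte size tolerance are constructed assumptions.

```python
# Indicators as stated in the report quoted above.
WORM_PORT = 707              # port the report says the variant opens
WORM_SIZE = 10240            # "~10,240 bytes"
NORMAL_SIZE = 6 * 1024       # normal DLLHOST.EXE: "only 6 kilobytes"
SIZE_SLACK = 512             # assumption: tolerance for the report's "~"

# Constructed `netstat -an` output and file sizes for one host (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:707            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        192.0.2.20:80          ESTABLISHED
  UDP    0.0.0.0:1026           *:*
"""
SAMPLE_FILES = {r"C:\sample\a\DLLHOST.EXE": 5120, r"C:\sample\b\DLLHOST.EXE": 10240}

def listening_tcp_ports(netstat_text):
    """Return the TCP ports in LISTENING state from Windows `netstat -an` text."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            port = f[1].rsplit(":", 1)[-1]
            if port.isdigit():
                ports.add(int(port))
    return ports

def dllhost_verdict(size_bytes):
    """Classify a DLLHOST.EXE by size alone; a hint for triage, not proof."""
    if abs(size_bytes - WORM_SIZE) <= SIZE_SLACK:
        return "matches-report"
    if size_bytes <= NORMAL_SIZE + SIZE_SLACK:
        return "normal-size"
    return "unknown-size"

def triage(netstat_text, dllhost_sizes):
    """Return findings for one host; dllhost_sizes maps path -> size in bytes."""
    findings = []
    if WORM_PORT in listening_tcp_ports(netstat_text):
        findings.append(f"tcp/{WORM_PORT} listening")
    for path, size in sorted(dllhost_sizes.items()):
        if dllhost_verdict(size) == "matches-report":
            findings.append(f"{path}: {size} bytes")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT, SAMPLE_FILES):
        print(finding)
```

Ports 1025 and 139 are deliberately not flagged: they are mentioned in the thread but the report ties only port 707 to the variant.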