Anybody else see any significant activity?

We had quite abit and had to block access to 7 different IRC servers, most in Korea but some in China. It was based off of Rbot and issued commands to have the infected computers scan on both 139 and 445 for targets. It also spread via open or weak shares. The funny thing is that it had a rootkit component which was probably the easiest rootkit to remove that I've ever seen. It didn't make that many reg changes and was zapped instantly by our AV. Overall, it wasn't hardly able to do any damage to the machines, however did generate alot of noisy scan activity. Another unique thing about this bot was that it was running its IRC on channel on port 443 to try to hide in the normal SSL traffic, but it stood out like a sore thumb. ISC is reporting an NT version of this, however I'm thinking that its just a target of opportunity because its no longer supported. Hope you don't have any NT still running :-)

Then many businesses are dead wrong. Some systems won't run on upgraded OSes. NT will be around for at least another 5 years. Until the systems go down due to an attack.

yes those business are dead wrong and they shouldnt be on the net

Don, takes the right approach if you have a system that only runs on NT it shouldnt be on the net. 

guess i should have been a little more specific in my reply.  believe me i understand, work had to pay a couple of thousand dollars to have some build a "new" 486 P2 computer because the software would only run on Windows 98!  i didnt say NT wasnt useful but running any unsupported OS is a bad idea, IMO, from a security standpoint.  especially if they are tied to internal or trusted networks.  there are safe ways to do it but most people probably dont.