ISC Diary has new entry published recently entitled as "NT botnet submitted": http://isc.sans.org/diary.php?storyid=1657 After the release they changed the name to "botnet submitted" to describe the situation better.
The affected library of August's MS06-040, Netapi32.dll, is included to NT4.0 installations and public exploits reportedly work on NT4 machines. It is worth of mentioning that other Windows versions are not in safe, however. - Juha-Matti
