We see a lot of this traffic too, and I found quite a few infected machines at customer sites. Some filters are in place, and our CERT has been asked to raise this issue with the customers in question.
Seems to be a virus spreading through Microsoft SQL Server's "Monitoring" service; possibly using one of the vulnerabilities documented in http://www.nextgenss.com/advisories/mssql-udp.txt -- Simon. ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
