I wanted to see for myself just how quickly a machine would be infected, how it would be infected, and how frequently it would be probed. Rather than putting a target machine openly on the Internet, I decided to use the Nepenthes malware collector.
I must say that I found it quite alarming how quickly Nepenthes has started to collect information about attempted break-ins and automated malware downloads! It's very interesting to see the large number of entries for Unknown DCOM Shellcode. By far the most frequently seen piece of malware has been mssmpp.exe, which seems to be a derivative of the W32.IRCBot Trojan which has been hanging around since 2002; this Trojan will infect the host, which then becomes a member of a botnet. As previously discussed, these botnets are used for all sorts of underground activities, most frequently spamming, launching denial of service attacks, and online fraud.