13-08-2003, 10:07   #97
distortal
Join Date: Jun 2003
Posts: 48
Helping fight W32.Blaster.Worm

I'm sure you'll have seen in the news mention of the latest worm that's doing the rounds on the internet - W32.Blaster.Worm. This particular nasty will cause your machine to shut down and is designed to launch a DDoS attack against WindowsUpdate from the 16th. It is causing a whole lotta traffic on port 135 as the worm seeks to propagate itself.

We sat up late last night developing a small app that would use the port-forwarding abilities of a router firewall. Basically the incoming port 135 requests are routed to port 10000 before they reach the machine so that Windows ignores them, and the app sends out a Net Send message to the connecting IP advising them that they appear to be infected with W32.Blaster and would they please go to a webpage for more info.

It does have the side-effect of messaging back those Messenger spammers that lurk around the net as well, but that's only a plus in my opinion.

Most of the scans I get are from other NTL IPs, which indicates that the worm bases its scanning on the local machine's IP, but there have been a few others. As a guide to how bad it's getting, I received 20 scans this morning while I was in the bath, and I wasn't in there that long.

We may release the app when it's complete, but in the meantime check your firewall logs and let us know how many connection attempts you've had on port 135 over the past few days.
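A tally of the kind the post asks readers to run over their firewall logs, as an added example that is not part of the original post or the authors' app: it counts inbound TCP port 135 attempts per source and how many come from the same network prefix as the local address. The log line format, the sample entries and the function name `summarise_port_135` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log. The line format is an assumption made for this
# example, not the real output of any particular firewall.
SAMPLE_LOG = """\
2003-08-13 09:41:07 DROP TCP 10.20.5.9:3312 -> 10.20.40.22:135
2003-08-13 09:41:09 DROP TCP 10.20.5.9:3313 -> 10.20.40.22:135
2003-08-13 09:42:15 DROP TCP 10.20.77.130:1045 -> 10.20.40.22:135
2003-08-13 09:43:02 DROP UDP 192.0.2.14:4021 -> 10.20.40.22:1026
2003-08-13 09:44:48 DROP TCP 203.0.113.50:2290 -> 10.20.40.22:135
2003-08-13 09:45:30 ALLOW TCP 198.51.100.8:80 -> 10.20.40.22:3050
garbled line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def summarise_port_135(log_text, local_ip, prefix_len=16):
    """Count TCP/135 attempts per source, and how many of them come from
    the same network prefix as local_ip (prefix_len is an assumption)."""
    local_net = ipaddress.ip_network(f"{local_ip}/{prefix_len}", strict=False)
    per_source = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "TCP" or m["dport"] != "135":
            continue  # unparseable line, or not a TCP port 135 attempt
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # dotted text that is not a valid IPv4 address
        per_source[str(src)] += 1
    same_prefix = sum(n for ip, n in per_source.items()
                      if ipaddress.ip_address(ip) in local_net)
    return {"total": sum(per_source.values()),
            "sources": len(per_source),
            "same_prefix": same_prefix,
            "per_source": dict(per_source)}

if __name__ == "__main__":
    report = summarise_port_135(SAMPLE_LOG, "10.20.40.22")
    print(f"{report['total']} attempts on TCP/135 from {report['sources']} "
          f"sources, {report['same_prefix']} from the local /16")
    for ip, count in sorted(report["per_source"].items(), key=lambda kv: -kv[1]):
        print(f"  {ip}: {count}")
```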