Internet Storm Center is reporting a large increase in port 139 scans. Not much information on the spike yet. 
Sans is notes that the data for Sources, Targets and Reports shows all three are on the rise.
There could be several possibilities for this. For starters, Microsoft released a patch for MS06-040 which was already being exploited in the wild.
You were right:
http://isc.sans.org/diary.php?storyid=1660
W32/Sdbot.worm!MS06-040
http://vil.nai.com/vil/content/v_140440.htm
W32/Vanebot-A
http://www.sophos.com/virusinfo/analyses/w32vanebota.html
Posted by: Corsin Camichel | September 01, 2006 at 05:35 AM