hunts down vulnerable public facing SMB ports
this is what I thought, from reading the El Reg articles and other (supporting) articles that I found online, ones linked to from El Reg and other independent articles.
Although I had also heard about possible e-mail vectors, the primary vector appeared to be port 445 facing the intarwebs, which everyone with any kind of IT experience recognizes as being *VERY* *VERY* *BAD*.
thanks for the final confirmation on that. [it was in the 'teccy' El Reg article, too, but you had to look for it]
Seeing as those first articles were posted on a friday evening way after "beer o'clock", I'm glad they were more or less right on with nearly complete information.