The story I mentioned citing CERT/CC's reference to tracking a bot net
of over 140,000 hosts can be found here:

	http://www.eweek.com/article2/0,4149,985392,00.asp

The shellcode generator that implements a macro language front end
that can be turned into a worm is called "KaHt.exe" (version II), and it was
released shortly after the RPC/DCOM vulnerability was announced. See:

	http://lists.insecure.org/lists/fulldisclosure/2003/Aug/0472.html
	http://staff.washington.edu/dittrich/misc/kaht2.zip

Dave Dittrich
dittrich (at) u.washington.edu