Security operators from around the world reported a spike in the number of so-called SubSeven (Port 27374) probes. Hackers were apparently hoping to find machines with an asp service vulnerable to the Windows SubSeven Trojan.

Most of the probes were coming from IP's within the Korean telecom provider Kornet's domain. News reports later suggested that this was in retalliation for the deaths of two teenage girls killed in a car crash reportedly involving U.S. soldiers.