do you think this was caused by employees with laptops from home, who were vunerable, and then connected to company resources? or did the attack make it through the ms firewall?
i can't get my mind around a major company allowing those sort of port requests through the firewall.