Watching the ports, there is a bit of activity on two that are of interest to us.  Take a look at your local flows and see if you are detecting increases on tcp/7212 and tcp/32768.  If you have any packet captures or analysis, please send it to us via our contact form.  Thanks!

Update
We got quite a number of responses regarding the TCP 7212 traffic. Jose Nazario si reporitng that he traced the scans to a proxy called "Ghostsurf". This proxy is frequently left open allowing others to hide behind it.

A netcat listener recorded traffic that supports this idea:

GET http://umsky.com/prx.php?p=p1234 HTTP/1.0
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: umsky.com
Connection: Keep-Alive

Only a small set of sources is currently scanning for this port.