Hello,
Please check this:
1) OS Attack: MS Windows Server Service RPC Handling CVE-2008-4250
MS Windows Server Service RPC Handling CVE-2008-4250 is used by Threat -
W32.Downadup
http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99
To know more about the Patches, visit the link below:
2) OS Attack: MS Windows Server Service NetAPI CVE-2006-3439
To know more about the Patches, visit the link above.
OS Attack: MS Windows Server Service NetAPI CVE-2006-3439 used by Threat -
W32.Rinbot.E
http://www.symantec.com/security_response/writeup.jsp?docid=2006-022315-3727-99
3) OS Attack: MS RPCSS Attack CVE-2004-0116 2
http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=20386
4) SMB Guest Login
http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=21545
All the Attacks which you described happens when you have vulverabilities on the machines from where the attack happens.
As Ryan Described above, "The Network Threat Protection logs will tell you just about everything you need to know (which machines are attacking, for example). Export them and view in your favorite spreadsheet program."
I would Suggest the Following Plan of Action:
1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus defintions and
2) Install ALL Latest Microsoft Secuirty Patches / Sevice Packs on ALL machines
3) Follow the Links provided above and update all the patches as required.
4) Disable Auto play with GPO
http://support.microsoft.com/kb/953252
5) Disable Scheduled Tasks with GPO
http://support.microsoft.com/kb/310208
6) Enable Security Auditing with GPO
http://support.microsoft.com/kb/300549
7) Scan ALL the machines...
You could also Enable "Risk Tracer" - To understand what is it and how it could help you, I would recommend you to read the Article below:
What is Risk Tracer?
http://www.symantec.com/business/support/index?page=content&id=TECH102539
How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection
http://www.symantec.com/business/support/index?page=content&id=TECH94526
Hope this may help you.