I received a botnet/drone complaint from shadowserver.org today (delayed due to holidays) regarding my exit node:
timestamp ip port type infection cc cc_port 12/29/2011 19:52 173.208.132.210 48586 32097 US MISSOURI KANSAS CITY tcp mebroot ukixxuug.com|MAOS/0EC20201 14DF137A55320641 84.163.151.128 80 3320 DE 1
If I'm reading this correctly, they identify "mebroot" as the source of the problem. As this is a Windows MBR trojan it obviously doesn't apply to my Linux system. I scanned my system anyway and found no unexpected processes running.
My DirPort is set to 80, which may explain that value in the complaint.
Any thoughts on what to do to avoid further complaints? Shadowserver addresses the topic of Tor exits here:
http://www.shadowserver.org/wiki/pmwiki.php/Involve/TORNodesAndReporting
Thanks.