Most recently, I've found DVRs being spammed through. This is the kind of "default password"/"open Cisco" abuse that is very hard to detect with an open proxy scanner without, well, logging in and seeing if you get a shell.
Has anyone ever seen this? What can I do to prevent it?