Here are the first two articles in a series on what happened to a deliberately unprotected virtual machine. Regrettably, there are all too many real machines like this - don't let yours be one of them.

Tracking down hi-tech crime

When we put this machine online it was, on average, hit by a potential security assault every 15 minutes. None of these attacks were solicited; merely putting the machine online was enough to attract them. The fastest an attack struck was mere seconds and it was never longer than 15 minutes before the honeypot logged an attempt to subvert it.

Trapping hackers in the honeypot

The download installed automatically and kicked off a tsunami of background downloading. The forensic software we had installed on the honeypot saw it connect to three or four other sites and start downloading from them.