Isn't the port 4662 used by the first version of the MySQL worm which seriously slowed down the Internet 3-4 weeks ago?
After re-reading an article about it, I guess it must be it.
As it is not an outbound connection but a scan, you can't block it more efficiently than with your firewall, if we except contacting the user(s) who is (are) infected and who scan(s) you.