This is the most I can find so far: http://www.cert.org/current/current_activity.html#port80 http://hacktivism.openflows.org/article.pl?sid=01/08/13/1237245&mode=nocomment http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0109&L=ntbugtraq&F=P&S=&P=1747 This is a doozy but details are sketchy. It seems to be playing on the vulnerabilites left by Code Red II. --Ben At 10:19 AM 9/18/2001, you wrote: >ok, a few of our clients were hit this morning by something that >tries to get your browser (on windows) to download a .eml file >which it would then launch via an .exe... > >i can't get to any virus sites, since all web traffic coming and going >is pretty hosed right now... > >so, is there a new worm out there? the IIS servers affected were >*supposedly* patched against the last batch... > >anyone? > > >--------------------------------------- >For unsubscribe and other options, including >the Tip Harvester and archive of TheList go to: >http://lists.evolt.org Workers of the Web, evolt ! ------------------------- Ben Dyer Senior Internet Developer Imaginuity Interactive http://www.imaginuity.com ------------------------- Quidquid latine dictum sit, altum videtus. -------------------------