http://xforce.iss.net/xforce/alerts/id/167 For those that run BlackIce and/or RealSecure.... Quoted from the page: Synopsis: ISS X-Force has learned of a worm that is spreading via the ICQ parsing vulnerability in ISS products that was announced on March 18th. The worm targets unpatched versions of the BlackICE PC Protection product. If a vulnerable system is infected, the Witty worm attempts to propagate by scanning random IP addresses. The Witty worm progressively writes junk data to physical hard drives after transmitting 20,000 packets, causing data damage. Impact: The Witty worm uses hard-coded addresses and only has the ability to infect certain builds of the Protocol Analysis Module (PAM). The Witty worm is destructive to the target system, and overwrites key hard disk sectors after sending out its payload. The junk data written to disk may impact system stability and cause a "blue screen" to occur upon reboot. The Witty worm only infects specific builds of PAM listed below, and can only infect Win32 systems. Affected Versions: BlackICEâ Agent for Server 3.6 ebz, ecd, ece, ecf BlackICE PC Protection 3.6 cbz, ccd, ccf BlackICE Server Protection 3.6 cbz, ccd, ccf RealSecure Network 7.0, XPU 22.4 and 22.10 RealSecure Server Sensor 7.0 XPU 22.4 and 22.10 RealSecure Desktop 7.0 ebf, ebj, ebk, ebl RealSecure Desktop 3.6 ebz, ecd, ece, ecf RealSecure Guard 3.6 ebz, ecd, ece, ecf RealSecure Sentry 3.6 ebz, ecd, ece, ecf Note: No Proventia products are affected by the Witty worm. The newest updates for all products are not vulnerable to exploitation.