Frethem is one of the newer crop that creates it's own SMTP server to propagate. From Sophos (I'll leave it to you to search for info on the others but you'll find that they too try to exploit Outlook.): >W32/Frethem is contained in the attached EXE file, which attempts to >exploit an Outlook bug in order to run automatically when the mail is read. Nothing can protect people that are willing to run unknown attachments. Which is why I never claimed not running Outlook would offer complete protection. Much more interesting here is the obvious question: Of the 200 lonely Outlook users there, how many of those that received the email got infected with and without actually running the attachment (95%?)? How many Eudora users got infected without running it (0%?)? And someone has really got to commend the IT department there for almost completely stamping out Outlook! At 08:29 PM 7/17/2002, you wrote: >I support 9000 pc's and Mac's at my job. About 3000 of them got infected >with the Frethem virus on Monday, we are still disinfecting their systems. >Of the 9000 about 200 have Outlook or Outlook Express installed. Klez, >Melissa, Badtrans, Nimda, Navidad you name it they got it and spread it, >without Outlook. The information you gave is misleading if not wrong. Eudora >and Netscape is used on these systems. - Users can unsubscribe from this list by sending email to 24hoursupport-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the Web interface at http://web.tampabay.rr.com/spider1/24hrsupport.htm.