Hi pchelpers, "It comes in an email that looks like it's from Microsoft, and is disguised as a Microsoft Internet Security Update with an attachment. IT LOOKS VERY REAL. It includes the link that makes it look like it's going to Microsoft's site. If activated, it places a trojan backdoor in the infected system. Remember, Microsoft never send emails with updates attached." Does that sound familiar? It's a description of W32.Gibe@mm, which was discovered March 4, 2002. Sounds like Swen/Gibe.F, doesn't it? I wonder how many people got kicked by Darwin twice... http://securityresponse.symantec.com/avcenter/venc/data/w32.gibe@xxxxxxx --Scott. Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig> Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi List archives at //www.freelists.org/archives/pchelpers PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig Good advice is like good paint- it only works if applied.