(I've removed the attachment for safety's sake and the body for brev= ity.) I get one of these every few days. The body of the message claims it= to=20 be a security advisory from Microsoft. It tells the recipient to open the= =20 attached "patch.exe" file (yeah, right) and click "Yes". As you can see from the header (below), microsoft.com is no where to= be=20 found, only "confidence.com". I used "lynx" to visit that website (becaus= e=20 lynx is pretty darn close to harmless for things like java, etc.) and it=20 appears to be "parked" but not otherwise in use. I'm guessing the "jyoung314@comcast.net" (see below) is some poor=20 Windows-user that the virus used as a springboard. (Does that mean that=20 jyoung has my email address "announce@rytetyme.com" in their address book= ?=20 Maybe I could send some highly focused advertising to them? Hah!) Assuming this to be a virus/worm Email, where would I go to get more= =20 information on it? Thanks! Suspect Email header follows: > Received: (qmail 19388 invoked from network); 18 Sep 2003 23:56:10 -000= 0 > Received: from rwcrmhc13.comcast.net ([204.127.198.39]) > (envelope-sender ) > by smtp-1-1a.secureserver.net (qmail-ldap-1.03) with SMTP > for ; 18 Sep 2003 23:56:10 -0000 > Date: Thu, 18 Sep 2003 23:55:57 +0000 (GMT) > X-Comment: Sending client does not conform to RFC822 minimum requiremen= ts > X-Comment: Date has been added by Maillennium. > Received: from udqy (pcp881447pcs.murdoc01.fl.comcast.net[68.56.210.59]= ) > by comcast.net (rwcrmhc13) with SMTP > id <2003091823554601500gin18e>; Thu, 18 Sep 2003 23:55:53 +00= 00 > FROM: "MS Security Department" > TO: "Partner" > SUBJECT: Current Network Critical Patch > Mime-Version: 1.0 > Content-Type: multipart/mixed; > boundary=3D"bvlzojlilbcextejg" > X-Nonspam: None > Status: R=20 > X-Status: N --=20 Ed Skinner, ed@flat5.net, http://www.flat5.net/