Basically, it infects any Windows machine which executes it by copying itself to a bunch of different system files, and patches WSOCK32.DLL to allow itself to send itself via outgoing emails.
Who on this list uses Windows? Since this is a virus and not a spammer, is it possible to find out who is the originator so they can be told that they have it?
These are some more headers (ONLY FROM YESTERDAY!!!):

Is the worm randomly generating this stuff or is there a way to trace it?

Howard Sacks
webmaster@xxxxxxxxxxxx
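
Header fragments of the form `name (host [address])` follow the shape sendmail-style servers write into `Received:` lines: the leading name is whatever the sending machine announced in HELO, while the bracketed address is recorded by the receiving server. As an added example (not part of the original post), this Python sketch parses that shape from constructed sample lines and groups the hits by the network to notify; the function names and the two-label provider guess are assumptions.

```python
import re
from collections import defaultdict

# Shape written by sendmail-style MTAs: HELO (rDNS [IP]) or HELO ([IP]),
# optionally with "(may be forged)" when reverse and forward DNS disagree.
RECEIVED_FROM = re.compile(
    r"(?<!\S)(?P<helo>\S+)\s+\("
    r"(?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r"(?P<forged>\s+\(may be forged\))?\)"
)

# Constructed sample lines (documentation address ranges, made-up host names).
SAMPLE = """\
from pavilion (dial-26.cas1.isp-a.example [192.0.2.28])
from oemcomputer ([198.51.100.16])
from dennis (host.isp-b.example [203.0.113.168] (may be forged))
from pavilion (dial-57.cas3.isp-a.example [192.0.2.211])
"""

def parse_hops(text):
    """Return one dict per 'HELO (rDNS [IP])' fragment found in text."""
    return [
        {"helo": m.group("helo"),   # claimed by the sending machine
         "rdns": m.group("rdns"),   # looked up by the receiving MTA, may be None
         "ip": m.group("ip"),       # recorded by the receiving MTA
         "suspect_rdns": m.group("forged") is not None}
        for m in RECEIVED_FROM.finditer(text)
    ]

def provider(hop):
    """Naive guess at whom to notify: the last two rDNS labels (assumption;
    wrong for suffixes such as .com.br). With no trustworthy rDNS, fall back
    to a marker meaning 'look the address up in WHOIS'."""
    if hop["rdns"] is None or hop["suspect_rdns"]:
        return "whois:" + hop["ip"]
    return ".".join(hop["rdns"].split(".")[-2:])

def group_by_provider(hops):
    """Map each provider guess to the (IP, HELO name) pairs seen from it."""
    groups = defaultdict(list)
    for hop in hops:
        groups[provider(hop)].append((hop["ip"], hop["helo"]))
    return dict(groups)

if __name__ == "__main__":
    for net, hits in group_by_provider(parse_hops(SAMPLE)).items():
        print(net, hits)
```

The address plus the timestamp from the full `Received:` line is what a provider's abuse desk needs to identify a dial-up customer; the HELO name alone is not verified by anyone.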