If you or your staff have dealt with kornet.net (a Korean ISP belonging to Korean Telecom), and specifically abuse@kornet.net in the past, beware: It seems that they've been overrun by the brand-spanking-new W32.Nimda.E@mm worm (**) sometimes late last night. Specific case in hand: yesterday at 9:40pm EST, I received a mail with a Subject: line of an UNRELATED abuse issue (hello MFNX/XO/ Above.net :) that contains a MIME attachment with an auto-playing "sound file" of sample.exe , openened in an <iframe> of your favorite Microsoft email client. Source IP of the mailing : 210.222.17.36 (/24). Mental note to all abuse desk personnel and publicly visible contacts: do not use Microsoft, or any other widely used piece of software to read and process your mail. Auto-adding mail senders to your Outlook addressbook could be considered a deadly sin. Anti-Virus software with definitions older than 24 hrs seem to be a real hazard, too. bye,Kai (**) http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.html