I get the suspect email.  It tries to autoexecute (run automatically) an attachment (DEFCON 1).  My Outlook Express settings pop-up the warning window and ask me what to do.  I choose not to run it, but to save it (normal procedure).  Upon saving it, Zone Alarm kicked in, and renamed it, on save, to a .zlo file (DEFCON 2).  Okay, right-click, "Scan For Viruses".  Nothing.  Hmmm. File name...a giveaway, "New_Napster_Site.Mp3.pif"-definitely a worm (DEFCON 3).  I open it in notepad (after asking Zone Alarm to allow me to save it normally) and lo and behold, there's the server stuff, registry entries to add, etc.  I go to mcafee.com.  They say I'm protected from Badlands.  I re-scan.  NOTHING.  I double-check.  Yes, I have the latest upgrade and dat. I scan with The Cleaner, it catches it (DEFCON 4 -DEPLOY), and cleaned it (deleted the file). Don't know what went wrong with Mcafee.  Also, this worm is using the new, more passive (less-detectable) infection method, like NIMDA.  I suspect we'll be seeing a lot more of these.

What got me was their home page saying in big letters that the dat file I have included it!
In the "old (read 'chain-smoking in front of a C prompt') days", I used Norton for everything.  I remember 'changing' SimCity to give myself like 60 million dollars with the File Editor.  Anyway, I lost faith in Norton when I saw it do horrible things to peoples' computers that in some cases only a format would cure, and I lost faith in their AV capabilities when I learned that their active email scanner leaves port 110 wide open all the time.  Not that somebody could hit it, but it shows winhack that there's something there...and an open port.

[ November 28, 2001: Message edited by: TWebMan ]