Full Disclosure mailing list archives

msblast


From: "harq deman" <harqman () btopenworld com>
Date: Mon, 11 Aug 2003 22:30:31 +0100

yawn.. OK.. the worm.. again

It scans a random b class based on the current host's address
it does not kill any AV products or firewalls
it does not hide processes, files or network activity from the kernel

when it packets windowsupdate.com on the 16th, it spoofs the last 2 octets of the source ip address, and continues to scan

D-.. must try harder

--harq
