There is a new worm that exploits a flaw in Black Ice. The worm destroys data on infected computers. Symantec calls the worm Witty. The worm attacks via UDP. There seems to be a little confusion among the reports as to what ports are used. The vendor, ISS, says the source port is 4000 and the destination port is random. It is memory resident and most antivirus products won't catch it. Here's Symantec's report: http://www.sarc.com/avcenter/venc/data/w32.witty.worm.html The vendor, has released a software update. The vendor says "The worm is very serious in nature, with potential destructive properties." A detailed ISS alert is at: http://xforce.iss.net/xforce/alerts/id/167 Also, if you go to this page: http://blackice.iss.net/contact_us.php Click on Knowedgebase and you'll see recent articles about the exploit and the Witty worm. Some reports suggest unplugging the network connection for any computer that runs Black Ice until it can be ugpraded. Anyone running Black Ice on Windows desktops or servers will want to take action. We've posted a Bulletin at help.msu.edu/status which we'll update as we learn more. /rich