Brett,
I don't know what you've read since this post; but I have experienced
the impat of the ILY worm at one of my client sites...
It looks on all drives mapped to user in all directories for files
with
.js .jse, .css, .wsh, .sct, .jpg, .jpeg, .hta extension.
any files found will be overwritten with same name but vbs extention.
This file contains the vb script/code that is the worm....

One of my clients had development area with screen files...
all the sct files were trashed...
I grabbed one and viewed in in editor (DO NOT CLICK on file in explorer!!
it will execute script.) and that is how I got this info.

David


>>>Garrett,
>>>
>>>Has MS officially notified the press about the danger that the ILY worm poses for VFP/FP users?
>>
>>Al,
>>
>>It isn't going after SCT files because it thinks they're VFP files. It goes after them because it thinks that they're Windows Script Component files. The two share the same extension. BTW, DBC index files (extension DCX) can be mistaken for image files.
>
>George in the virus code can you tell me what it is trying to do with the CSS, JSE, and JS files?