This is a new worm, or virus, that DOES NOT SPREAD VIA EMAIL. This means that any system connected to the internet, which is not protected by a correctly configured firewall is potentially at risk.

This worm works by taking advantage of a vulnerability, or security hole, found in Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003. This security vulnerability has only been known about since mid-April, so the speed with which this attack has been crafted it quite concerning.

If you are in a corporate environment, your systems administrators will have taken steps to block this attack at the firewall level by blocking Ports 5554, 9996 and 445; you probably don't need to take any action. If you are a home user or small office user without a firewall (if you don't know if you have one, you probably don't have one), you MUST patch your system to remain secure.

Patching your system is fairly simple; you simply have to go to Windows Update and download the patch. To protect yourself from this virus, go to Windows Update and scan your machine for updates. Install any critical updates - this may take a while if you are on a modem connection, and importantly, while you are connected you are at risk - so do this step first.

Detecting an infection is difficult - it will slow your machine and internet connection down as it tries to propogate to other systems on the internet, and will sometimes make it harder for you to shut down your machine. If you think you might have been infected, you can use the a removal tool from Symantec to clean your system. The tool, and important instructions on how to use it can be found at the Symantec Anti-virus Website.

To find out more about the security hole in Windows this worm takes advantage of, read the Microsoft Security Bulletin MS04-011.