Good to see other people are having as much fun as I am with this one. The last week has been miserable.

I thought our firewall finally died. I logged onto our router (which was working OK) and the prompts displayed slowly - very odd. I sniffed the network and logged about 17000 pings in less than 3 seconds. And we can't have more than 70 hosts on the network. Had to patch each one. Probably some boob plugged in their infected laptop - which I sent multiple messages out advising against this last week.

I tried writing a script that applies the fixes then removes the worm - but apparently vbscript isn't case sensitive when telling a computer to terminate the svchost.exe process. The worm's svchost appears as SVCHOST.EXE while the legit svchost.exe is all lower case.

As a side effect - because the firewall was swamped - email slowed to about nothing yesterday - possibly preventing the spread of the new sobig worm. Either way, sobig's payload (.scr, .pif, etc) are blocked and tossed in the bit bucket at the firewall.

Then - while patching workstations - a transformer blew up outside our office - all the server upses screamed but the power never did go out. I was crossing my fingers that it would go out.

It has been an interesting week!