Hi spg SCOTT,

Just in retrospect what happened there was that the false fake site (now taken down) showed a pop-up, trying to load a JAVA Exploit to install the following worm, Worm.MSIL.Arcdoor.ab can launch an HTTP server on a random TCP port, this is then used to download the Worm.MSIL.Arcdoor.ab executable file to other computers. Worm.MSIL.Arcdoor.ab steals the IP addresses of computers in the same network as the victim machine and attacks them via a buffer overrun vulnerability in the Server service. This for all that missed this online miscreation ;D

polonus