Follow up... The web page on infected servers includes a script to send and open the file 'readme.exe' on windows machines. I do not know the details of when the executable does yet. Mark