-yes, but its not TCP it's an SQL worm (eg, v. fast and no handshakes), it masquerades as a single harmless UDP packet but overruns the buffer (microsoft specs: "16 bytes ending in 00"), on past the 128 of memory reserved for SQL and into the next stack, dropping your little load (at the end) into memory! As it opens it thinks its a routine query. Pretty neat I thought, specially as most people don't even realise that they are running SQL (it's built into their Microsoft program) -ha