No N00S is Good N00S

I spent the evening responding to a new virus. This one runs a program called n00s.exe and attacks Symantec AntiVirus on TCP port 2967. Nearly all of the machines in our domain have Symantec AntiVirus, so there is a lot of potential for destruction. Some machines get a message when Symantec's rtvscan crashes, but others get infected and go to the dark side.