VBS/Chick.D is a worm that spreads via e-mail and IRC using a message that refers to Bill Gates and contains an attachment called "Mocosoft.chm". Once the attached file is run, the worm creates two files on the infected system ("Mocosoft.chm" and "Script.ini") that will allow it to spread. The file "Script.ini" will only be generated on the system provided the IRC chat application is installed on the computer. Once the worm has carried out is payload, it displays a series of messages on the screen. VBS/Chick.D consists of a compiled HTML file 35,573 bytes in size. Gibmonk.2256 is an MS-DOS, memory resident virus that infects COM or EXE executable files. On October 10, if an infected SYS file is run, the virus will display a message on the screen. Additionally, on March 8, Gibmonk.2256 replaces all the image files in GIF format found on the system with an image showing the Gibraltar flag. Finally, in order to carry out its payload, Gibmonk.2256 creates a dropper file -with a random name and extension -, and modifies the "CONFIG.SYS" file. We will finish today's report with JS/Trojan.Seeker.O, a Trojan written in JScript that only works correctly if the Windows Scripting Host is installed on the infected computer. This malicious code changes the Internet Explorer home page and inserts an entry in the Favorites folder.