Looks like our IT group got on top of the worm problem, and the CST sites are back up. I'm wondering if this came into corporate via a remote user through VPN; the remote people aren't necessarily up to date on port blocks and patches, and VPN opens an interesting vulnerability. I haven't examined VPN software in any depth, but I have to believe that the VPN server can block ports...