
Welcome to IWETHEY!

New yes, clueless.
Lookout XP might offer more protection than previous versions, but in this case, so what? This virus doesn't depend on Lookout or Lookout's insecurities, it depends on users opening it, which will happen with any MUA. If one person on the LAN opens it, the rest are likely screwed, too.

It spoofs the from address and varies the subject line. Like it or not, users will click away at the thing, warned or not. The best way to stop it is to prevent it from getting to users' MUAs by scanning for viruses at the server, or by flatly denying anything even remotely executable in via email.

1) This virus propagates itself by using its own SMTP engine, doesn't need Lookout at all to spread.

2) It also opens up its own remote access server on port 36794 and starts a keylogger. No way for Lookout to prevent that.

3) It scans for network shares and propagates itself over the LAN. No way to prevent that with Lookout, either.

4) It scans for shared printers and prints 500+ page dumps. Again, no protection there that Lookout can offer.

So, there's no logical reason to pay M$ for another upgrade to help prevent this virus as it doesn't exploit any Lookout weaknesses.

This virus also brings up another that I yell at people for a lot. Never, never, never run a Doze machine directly connected to the Internet, especially on a broadband connection. Even with 'personal firewall' software installed, you're still very vulnerable as this latest crop of virii is known to kill or maim these products, rendering them, at best, ineffective.
-----
Steve
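
An added example, not part of Steve's post: a sketch of the server-side "deny anything even remotely executable" check, written as a Python function a mail gateway could call on each raw message. The extension list, the MZ-header check and the names `executable_attachments` and `_sample` are assumptions made for this illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed blocklist for illustration; extend it to match local policy.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
               ".vbs", ".js", ".lnk", ".cpl"}

def executable_attachments(raw: bytes) -> list:
    """Return (filename, reason) for every MIME part the gateway should refuse."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Windows ignores trailing dots and spaces, so strip them before checking.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if not name and part.get_content_maintype() == "text":
            continue  # ordinary message body, not an attachment
        payload = part.get_payload(decode=True) or b""
        # Only the final extension counts, so "photo.jpg.scr" is still caught.
        ext = os.path.splitext(name)[1]
        if ext in BLOCKED_EXT:
            hits.append((name, "blocked extension " + ext))
        elif payload[:2] == b"MZ":
            # DOS/PE header: executable content whatever the declared name says.
            hits.append((name or "<unnamed>", "MZ executable header"))
    return hits

def _sample(filename: str, data: bytes) -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "someone@example.test"   # constructed; the From line proves nothing
    m["To"] = "user@example.test"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, data in (("photo.jpg.scr", b"\x00\x01"),
                        ("notes.txt", b"MZ\x90\x00\x03"),
                        ("notes.txt", b"plain text")):
        print(fname, executable_attachments(_sample(fname, data)))
```

The check looks only at the attachment itself, never at the sender, since the From address is spoofed.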
New Lookout - ROFL
-drl
     Bitten by Bugbear - (Silverlock) - (10)
         What's Its Vector? -NT - (deSitter) - (8)
             Original infection from email, natch. - (Silverlock)
             Link to writeup - (Silverlock) - (6)
                 Thanks - my users have been warned - (deSitter) - (5)
                     CNN is running a story on it now - (Silverlock) - (4)
                         clueless? - (andread) - (3)
                             yes, clueless. - (Steve Lowe) - (1)
                                 Lookout - ROFL -NT - (deSitter)
                             Re: clueless? - (pwhysall)
         For McAfee users: - (pwhysall)
