A number of anti-virus vendors, including Trend Micro and Computer Associates, have warned of a virus with a new approach. It is known variously as QAZ.TROJAN or QAZ.WORM, and was officially renamed to W32.HLLW.Qaz.A in September. The virus enters via unprotected shared drives and usually replaces the Notepad.Exe application, although there have been occasions where Notepad was not the victim. The virus then provides a backdoor to outside intruders, giving them in effect remote control over the computer that has been infected. This analysis contains some suggestions to protect your machines.