Any virus that is inside a password protected zip file, and that requires the user to type in the password should never have made it to it's 2nd/3rd infection. This one is social engineering at it's finest.. "Ooooh, a password, what's inside must be secret!" :^)
I can't really think of any legitimate reason to pwd-zip an attachment and then include the pwd in plain text in the body. I think it's safe to assume that any such message is malware and discard it as far up the chain as possible.
m5x
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
