Computer-implemented methods, apparati, and computer-readable media for blocking the replication of computer worms in a computer. A method of the present invention comprises the steps of: for an e-mail program installed on the computer, finding the location of a temporary holding area used by the e-mail program for storing and opening e-mail attachments; monitoring the temporary holding area for openings of target programs stored within the temporary holding area; and upon the opening of a target program for execution, implementing a worm mitigation procedure.