This worm may arrive either bundled as a component with malware packages or downloaded unknowingly by a user when visiting malicious Web sites. It drops a copy of itself and a DLL component in the system. It then proceeds to modify the system registry such that its automatic execution at every system startup is enabled. Also through system registry modification, this worm hides files with both System and Read-only attributes.

This worm propagates via physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.



More...