This worm may be dropped by other malware.It may be downloaded unknowingly by a user when visiting malicious Web sites.
It drops copies of itself.
It creates registry entries to enable its automatic execution at every system startup.
It creates registry key(s)/entry(ies).
It searches the network for certain shares, into which it attempts to drop copies of itself.
It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system.
It launches certain types of flood attack against target sites. It does the said routine to render target sites inaccessible.
More...