This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
It drops a copy of itself. It also drops a component.
It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating a registry key.
It gathers target email addresses from files with certain file name extensions. It avoids sending email messages to addresses containing certain strings.
This worm uses its own Simple Mail Transfer Protocol (SMTP) engine to send the email. Having its own SMTP engine allows it to send messages without using any mailing application, such as Microsoft Outlook. It then uses the Gmail and Yahoo! Mail addresses it has gathered to spoof the From field of the email message it sends out.
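Because the worm mails directly from the infected host while claiming a Gmail or Yahoo! Mail sender, its messages cannot carry a valid DKIM signature for those domains. The following is an added detection sketch, not code from the original write-up: the authserv-id `mx.example.net`, the helper names, and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "yahoo.com"}  # webmail domains the page says are spoofed

def from_domain(msg):
    """Lower-cased domain of the RFC 5322 From address."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def dkim_pass_domains(msg, authserv_id):
    """Domains with dkim=pass, read only from headers stamped by our own MTA."""
    domains = set()
    for hdr in msg.get_all("Authentication-Results", []):
        stamp = (hdr.split(";", 1)[0].split() or [""])[0].lower()
        if stamp != authserv_id:  # ignore headers the sender could have forged
            continue
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", hdr, re.I):
            domains.add(m.group(1).lower())
    return domains

def is_spoofed_freemail(raw, authserv_id="mx.example.net"):
    """True when From claims Gmail/Yahoo but no trusted DKIM pass backs it."""
    msg = email.message_from_string(raw)
    dom = from_domain(msg)
    return dom in FREEMAIL and dom not in dkim_pass_domains(msg, authserv_id)

def build(from_addr, auth_results):
    """Constructed sample message (not real traffic)."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: {from_addr}\nSubject: test\n\nbody\n")

# Constructed samples: unsigned spoof, genuine signed mail, forged result header.
SPOOFED = build("Alice <alice@gmail.com>", "mx.example.net; spf=softfail; dkim=none")
LEGIT = build("bob@yahoo.com", "mx.example.net; spf=pass; dkim=pass header.d=yahoo.com")
FORGED = build("eve@gmail.com", "gmail.com; dkim=pass header.d=gmail.com")

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT), ("FORGED", FORGED)):
        print(name, is_spoofed_freemail(raw))
```

This is a heuristic: mailing lists that modify messages can break a legitimate DKIM signature, so treat a hit as a signal for scoring or quarantine rather than proof of infection.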