This worm may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this worm drops a copy of itself. It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating a registry key.
It opens a random port where it listens for remote commands. It allows a remote malicious user to perform several commands on the affected system. This routine compromises system security and opens the affected machine to further attacks. It hides itself by using rootkit technology.
This worm drops hidden copies of itself in all removable drives. It also drops an
AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed.
More...