To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm arrives via email messages spammed by another malware or by a malicious user. It may also be dropped by other malware.
Instead of attaching copies of itself to email messages, this worm asks users to click a link in the message. This is an effective way for it to bypass email applications that scan for malicious attachments.
When a user clicks the said link, this worm connects to certain Web sites to download a copy of itself.
This worm drops copies of itself.
It creates registry entries to enable its automatic execution at every system startup. It also modifies a registry entry to enable its automatic execution at every system startup.
This worm propagates by sending email messages containing a link, which when clicked, redirects users to a malicious Web site where a copy of this worm is downloaded.
More...