This worm may be dropped by other malware. It may arrive via network shares. It may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this worm drops a copy of itself. It then modifies registry entries to enable its automatic execution at every system startup. It also drops a copy of itself in the Windows Common Startup folder to enable its automatic execution at every system startup.
It employs registry shell spawning so that it executes when files of certain types are run. It does this by creating a registry entry under certain application names.
This worm drops copies of itself in network shares.
This worm sends messages that contain a link pointing to a remote copy of itself, using an instant messaging application.
This worm drops copies of itself in all physical and removable drives. It also drops an
AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed.
It terminates certain processes containing specific strings. This worm modifies the Internet Explorer home page to point to a certain URL.
More...