This worm arrives as attachment to email messages spammed by another malware or a malicious user.It may be downloaded from certain remote sites.
It drops copies of itself.It drops files/components.
It creates registry entries to enable its automatic execution at every system startup.
It creates registry key(s)/entry(ies).
It uses its own Simple Mail Transfer Protocol (SMTP) engine to send email messages that contain a link pointing to a remote copy of itself. Below is a sample of the email message it sends out:
It opens ports where it listens for remote commands. This routine effectively compromises the affected system.
It invokes a certain legitimate file to bypass the Windows Firewall. It also attempts to connect to a known malicious Web site.
More...