This worm exploits certain vulnerabilities to propagate across networks. It takes advantage of the following Windows vulnerabilities:
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- IIS5/WEBDAV Buffer Overflow vulnerability
- RPC Locator Vulnerability
For more information about these Windows vulnerabilities, please refer to the following Microsoft Web pages:
It attempts to log into systems using a list of user names and passwords. This worm then drops a copy of itself in accessed machines.
It also terminates antivirus-related processes and dropped files by other malware. This worm steals CD keys of certain game applications, then sends gathered data to a remote user via mIRC, a chat application. It also has backdoor capabilities and may execute remote commands in the host machine.
It runs on Windows NT, 2000 and XP.