To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm arrives as attachment to email messages spammed by another malware or a malicious user. It may be dropped by other malware.
It may be downloaded from a remote site. This worm drops copies of itself. Note that the drop paths are harcoded within this worm's code. However, this dropping routine fails to execute on systems running Windows 2000 and Windows NT.
This worm creates registry entries to enable its automatic execution at every system startup.
This worm sends email using MAPI (Messaging Application Programming Interface) via MS Outlook. It sends email to all addresses listed in the MS Outlook address book with copies of itself as attachments.
It may also connect to Web sites to download an updated copy of itself. However, the said Web sites are inaccessible as of this writing.