Worm_Antiman.D propagates via email messages. It gathers target recipients from Microsoft Outlook's deleted items, inbox, and outbox. It also gathers email addresses from Yahoo Messenger log files to add to its target recipients.

It uses its own Simple Mail Transfer Protocol (SMTP) engine for its email propagation, sending through the infected machine's default SMTP server or any of the SMTP servers listed in its code.

It uses a tried-and-tested social engineering technique: the malware author uses intriguing and interesting subjects, body text, and attachment file names to prod users into opening the message and running the attachment.


Technical details can be found at this Trend Micro page.