W32/Sachy.Worm attempts to spread via the WMI remote script with a weak administrator password.

More information can be found at this Sophos page.