It propagates by sending a copy of itself as an email attachment. In the From field, it uses a random name followed by a webmail domain such as hotmail.com.
It sends its messages using its own Simple Mail Transfer Protocol (SMTP) engine. Having its own SMTP engine allows this worm to send messages without using any email application, such as MS Outlook.
It also propagates via peer-to-peer (P2P) networks. It searches for certain folders that are usually related to P2P shares. Once found, it drops copies of itself there under enticing file names so that other P2P users download them.
It deletes the folder liveupdate if found on an affected system. As a result, certain applications may not function properly due to missing files.
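Because the worm uses its own SMTP engine rather than a mail client, an infected workstation contacts external mail servers directly instead of going through the organization's mail relay. The following is an added detection example, not part of the original write-up: it flags internal hosts that open port 25 connections to external addresses. The log format, address ranges, relay address and function name are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records (timestamp, src, dst, dst_port); not real traffic.
SAMPLE_FLOWS = """\
2024-01-10T09:00:01,10.0.5.23,203.0.113.10,25
2024-01-10T09:00:02,10.0.5.23,198.51.100.7,25
2024-01-10T09:00:03,10.0.5.23,192.0.2.44,25
2024-01-10T09:00:04,10.0.1.10,203.0.113.10,25
2024-01-10T09:00:05,10.0.5.40,10.0.1.10,25
2024-01-10T09:00:06,10.0.5.40,198.51.100.80,443
2024-01-10T09:00:07,10.0.5.61,192.0.2.44,587
"""

INTERNAL_NET = ip_network("10.0.0.0/8")      # assumed internal address space
APPROVED_RELAYS = {ip_address("10.0.1.10")}  # assumed sanctioned mail server
SMTP_PORTS = {25}                            # server-to-server SMTP delivery


def direct_smtp_senders(flow_text, min_destinations=1):
    """Return {source_ip: sorted external SMTP destinations} for internal hosts
    that deliver mail directly instead of going through an approved relay."""
    seen = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 4:
            continue  # skip malformed records rather than failing the run
        _ts, src, dst, port = row
        try:
            src_ip, dst_ip, port_no = ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue  # unparseable address or port
        if port_no not in SMTP_PORTS:
            continue
        if src_ip not in INTERNAL_NET or src_ip in APPROVED_RELAYS:
            continue  # the approved relay is expected to talk SMTP outbound
        if dst_ip in INTERNAL_NET:
            continue  # a client submitting to the internal relay is expected
        seen[str(src_ip)].add(str(dst_ip))
    return {src: sorted(dsts) for src, dsts in seen.items()
            if len(dsts) >= min_destinations}


if __name__ == "__main__":
    for host, dests in direct_smtp_senders(SAMPLE_FLOWS).items():
        print(f"{host} sent SMTP directly to {len(dests)} external hosts: {dests}")
```

Raising `min_destinations` reduces noise from a single misconfigured client, since a mass-mailer typically contacts many different mail servers in a short period.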
Technical details can be found at this Trend Micro page.