Worm_Waledac.BK arrives as an attachment to email messages spammed by another malware or a malicious user.

It uses Valentine-related file names, such as val.exe, valentines.exe, etc. Once executed, this worm creates a registry entry to enable its automatic execution at every system startup.

It propagates by searching for email addresses in files found in fixed, network, and RAM drives, avoiding files with certain extension names. The harvested email addresses are first encrypted and stored in a file with a random name before sending them to certain IP addresses.

Using the gathered email addresses, this worm then sends email messages containing links to sites where copies of itself can be downloaded.

It opens random ports to listen for commands from a remote user, thus, compromising the affected system.

Technical details can be found at this Trend Micro page.