This is Internet worm that spreads via E-mail by sending infected messages from affected computers. While spreading the worm uses MS Outlook and sends itself to addresses that are stored in MS Outlook Address Book.
The worm arrives on computer as email message with attached VBS file, that is worm itself. The message in original worm version has:
Being activated by a user (by double click on attached file) the worm opens MS Outlook, gets access to the Address Book, gets up to 50 addresses from each adresslist and sends messages with its attached copy to all of them. The
Additionaly, each time worm activated it sends infected messages to 25 addresses, that are specified inside worm body.
To prevent duplicate sending of infected messages to the same addresses, the worm marks each address used.
After all the worm opens six Internet Explorer windows with different links and also displays message:
|Find out the statistics of the threats spreading in your region|