This is a virus-worm that spreads via the Internet attached to infected
Infected messages contain:
The worm activates from infected e-mail only when a user clicks on an attached
While installing, the worm copies itself to the Windows system directory with the
where %SystemDir% is the Windows system directory.
To send infected messages, the worm uses Windows MAPI functions and “answers”
The worm scans network shared drives, looks for directories with a WIN.INI file,
The worm also installs a backdoor Trojan (“Backdoor.DRA”) on an infected machine.
The worm creates the dekoy file C:SitesDeSexo.doc, and writes the following text there:
The the worm writes a list of porno sites and opens this file.