This Trojan downloads other malicious programs to the victim machine. It is written in Java Script, and is between 1 – 3KB in size. The program code may be encoded using Jscript.Encode.
The Trojan downloads and launches other Trojans on the victim machine without the user’s knowledge or consent. In order to do this, it exploits several HTML vulnerabilities: CAN-2002-0077(Exploit.HTML.CodeBaseExec), CAN-2004-0380 (Exploit.HTML.Mht), XMLHTTP è ADODB Stream. Which vulnerability is exploited will depend on the version of the operating system used.