• Virus is 32bit, with a size of 24,876 bytes in viral code
  • Virus may modify the "run=" line within the WIN.INI configuration file for Windows 9x in an effort to load the virus at Windows startup
  • Virus attempts to send itself using SMTP to email addresses scavenged from the host infected system - email addresses are captured from various files on the system including .DBX extension mail box files
  • Message is structured such that an I-Frame exploit will cause the attachment to launch automatically when the message is either opened or previewed in Outlook -
    • The email message will have an additional file attachment, typically a file with .HTM extension, which is a clean and non-infectious file - in addition, the from address is forged.