W32/Finaldo-B

Category: Viruses and Spyware
Type: Win32 executable file virus
Prevalence: No Reports
Protection available since: 30 May 2007 11:00:27 (GMT)
Last Updated: 30 May 2007 11:00:27 (GMT)


W32/Finaldo-B spreads by infecting files and web pages and also as an email attachment.

When an infected file is run, it creates a hidden file named finaldoom.dll in the system's temporary directory. finaldoom.dll is then loaded and carries out the infection process described below.

The virus searches for files with the extensions .EXE, .SCR and .OCX in order to infect them. It also searches for files with the extensions .HTM, .HTML and .ASP; if it finds such a file, the virus attempts to add malicious JavaScript to it.

If a web page containing the malicious script is viewed, a file called finaldoom.eml is automatically downloaded onto the user's computer and then executed, spreading the infection. Automatic execution of this .eml file depends on the viewing application handling embedded attachments in the vulnerable way described below.
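As an added example, not code from Sophos or from this advisory, the following Python script triages the two infection artefacts just described: finaldoom.dll in the temporary directory and the JavaScript injected into .HTM, .HTML and .ASP files. Because the page does not show the injected script, the scanner assumes it names finaldoom.eml inside a <script> block or an <iframe>; the files it scans are constructed samples written to a scratch directory and removed afterwards.

```python
import os
import re
import shutil
import tempfile

WEB_EXTENSIONS = {".htm", ".html", ".asp"}   # extensions the virus injects into
DROPPER_NAME = "finaldoom.dll"               # dropped into the temp directory

# Assumption (not stated on the page): the injected script names the
# payload file, finaldoom.eml, inside a <script> block or an <iframe>.
INJECTED_RE = re.compile(
    rb"<script[^>]*>.*?finaldoom\.eml.*?</script>|<iframe[^>]*finaldoom\.eml",
    re.IGNORECASE | re.DOTALL,
)


def scan_web_files(root):
    """Return sorted paths of .htm/.html/.asp files under root carrying the injected reference."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if INJECTED_RE.search(data):
                hits.append(path)
    return sorted(hits)


def dropper_present(temp_dir=None):
    """True if finaldoom.dll exists in temp_dir (default: the system temp directory).

    The virus sets the hidden attribute on the file; that does not stop
    os.path.isfile from seeing it.
    """
    temp_dir = temp_dir or tempfile.gettempdir()
    return os.path.isfile(os.path.join(temp_dir, DROPPER_NAME))


def demo_scan():
    """Build a constructed sample tree, run both checks against it, and clean up."""
    root = tempfile.mkdtemp(prefix="finaldo_demo_")
    try:
        # Constructed samples: two injected pages, one clean page, one non-web file.
        samples = {
            "index.html": b"<html><body>Hi</body>\n"
                          b"<script>window.open('finaldoom.eml')</script></html>",
            "page.asp": b'<% Response.Write("x") %>'
                        b'<iframe src="finaldoom.eml" width=0 height=0></iframe>',
            "clean.htm": b"<html><body><script>console.log('ok')</script></body></html>",
            "notes.txt": b"finaldoom.eml mentioned in a text file is not an infection",
        }
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        # Plant an empty stand-in for the dropper inside the sample tree only.
        open(os.path.join(root, DROPPER_NAME), "wb").close()
        web_hits = [os.path.basename(p) for p in scan_web_files(root)]
        return web_hits, dropper_present(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo_scan())
```

On a real system, call scan_web_files on the web root and dropper_present with no argument; a hit in a .HTM/.HTML/.ASP file is a cleaning target, not merely an indicator, because the injected page re-infects any client that views it.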

The virus also searches the user's mailbox for addresses to which it can email itself. The email messages it sends have an attachment named ".EXE" and attempt to exploit a MIME vulnerability (the incorrect MIME header flaw) in some versions of Microsoft Outlook, Microsoft Outlook Express and Internet Explorer, so that the executable attachment runs automatically when the message is opened or previewed, without the user double-clicking on it.
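The incorrect MIME header flaw is triggered by declaring an executable attachment under a Content-Type that the affected clients rendered automatically (audio, image or video types) and referencing it from the HTML body. This advisory does not show the exact headers Finaldo-B sends, so the detector below, an added example rather than Sophos code, checks for the generic mismatch: a part whose declared media type is auto-rendered but whose file name or leading bytes identify a Windows executable. The message it parses is constructed inline for the demonstration.

```python
import base64
import email
import os
from email import policy

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}
# Top-level media types the affected IE/Outlook Express builds rendered
# automatically; an executable declared under one of these is the mismatch.
AUTO_RENDER_TOPLEVEL = {"audio", "image", "video"}


def find_mime_mismatches(raw_message):
    """Return one finding per leaf part whose declared media type is auto-rendered
    but whose file name or bytes say it is a Windows executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()          # e.g. "audio/x-wav"
        toplevel = declared.split("/", 1)[0]
        filename = part.get_filename() or ""        # Content-Disposition filename= or Content-Type name=
        ext = os.path.splitext(filename)[1].lower()
        payload = part.get_payload(decode=True) or b""
        pe_magic = payload[:2] == b"MZ"             # DOS/PE header of a Windows executable
        if toplevel in AUTO_RENDER_TOPLEVEL and (ext in EXECUTABLE_EXTS or pe_magic):
            findings.append({
                "declared_type": declared,
                "filename": filename,
                "pe_magic": pe_magic,
                "content_id": str(part.get("Content-ID", "")),
            })
    return findings


def build_sample_message():
    """Constructed sample, not a capture of Finaldo-B traffic: an HTML body that
    pulls in, through an IFRAME, a part declared as audio/x-wav whose decoded
    bytes begin with the PE 'MZ' signature."""
    fake_pe = base64.b64encode(b"MZ\x90\x00" + b"\x00" * 60).decode("ascii")
    return (
        "From: someone@example.com\r\n"
        "To: you@example.com\r\n"
        "Subject: hi\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/related; boundary="bnd"\r\n'
        "\r\n"
        "--bnd\r\n"
        "Content-Type: text/html; charset=us-ascii\r\n"
        "\r\n"
        '<html><body><iframe src="cid:attach1" width=0 height=0></iframe></body></html>\r\n'
        "--bnd\r\n"
        'Content-Type: audio/x-wav; name="readme.exe"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        "Content-ID: <attach1>\r\n"
        "\r\n"
        + fake_pe + "\r\n"
        "--bnd--\r\n"
    ).encode("ascii")


def demo_mime():
    """Run the detector over the constructed sample."""
    return find_mime_mismatches(build_sample_message())


if __name__ == "__main__":
    for f in demo_mime():
        print(f"{f['declared_type']} part named {f['filename']!r} "
              f"(MZ header: {f['pe_magic']}) referenced as {f['content_id']}")
```

The check deliberately keys on the type mismatch rather than on ".exe" alone: an executable sent as application/octet-stream still needs a click on an unpatched client, whereas the mismatched part is the one that runs on open or preview. Feed find_mime_mismatches raw bytes from a mail spool or quarantine to sweep stored messages.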

Microsoft has issued a patch for the incorrect MIME header vulnerability, which can be downloaded from http://www.microsoft.com/technet/security/bulletin/MS01-027.asp. This cumulative patch fixes a number of vulnerabilities in Microsoft's software, including the one exploited by this virus. Note that the patch only removes the automatic execution: a patched client still receives the message, and the attachment will run if the user opens it by hand, so the mail filtering and file cleaning above are still required.
