When run the worm copies itself to wuacltl.exe in the Windows system folder and adds the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Update Service = "wuacltl.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Windows Update Service = "wuacltl.exe"
HKLM\Software\Microsoft\Ole\
Windows Update Service = "wuacltl.exe"
The worm attempts to disable several other worms and some security related processes.
The backdoor component allows a remote attacker to :
transfer files to and from the infected computer
log user keystrokes
sniff network packets
capture video
launch distributed denial of service attacks
steal game related CD keys