Linux/OSF-A will attempt to infect 200 ELF executables in the current working directory and the directory /bin. The virus will avoid the file ps or any files ending in ps.
If the virus is executed by a privileged user then it will attempt to create a backdoor server on the system. This is achieved by opening a socket on port 3049 or above and waiting for specially configured packets containing instructions for the backdoor program. The server may be asked to create a TCP connection with the attacker and to then attempt to supply them with a shell to use remotely.