According to the security firm Bkis, this worm has delevoped a more efficient way of persuading people follow the steps that lead to the trap and achieving its goals. The main means of spreading are Yahoo Instant Messanger and Skype, so the first indirect contact with the malware is done via a message that is selected from a various set of messages which is followed by a link.
An example of that kind of messages is shown below.
The link seems to lead to an image file, as you can see from the above image. If the link is clicked on, the browser will present a page that looks like the RapidShare Web hosting site, trying to make the victim download a compressed file that contains a malicious executable file whose extension is .com.
The next step is sending itself through messages, that include malicious links to a variety of files, to the contacts of the victim’s e-mail list. Since the worm has infected the victim, it is able to receive remote commands, spread through USB drives, avoid antivirus detection and conceal its existence.
References:
CNET NEWS
