The Kak worm spreads by using a specially crafted and invisible frame for the signature in Outlook Express. When this frame is loaded (when the email is previewed or viewed in the email pane), the worm's code launches due to a vulnerability in Outlook Express, and the worm then installs itself to the system. When the computer is booted on the first of any month between 6:00PM and 12:00AM, the worm displays a message saying "Kagou-Anti-Kro$oft says not today !" and when the message is cleared, the worm shuts down the system.