This worm is able to work on Chinese versions of Windows only, and spreads itself by sending infected e-mail messages. The virus has two components: a script program and Windows PE .exe file. The first component (script) is sent in infected e-mails, infects the computer, then downloads and executes a .exe. That's the component that completes the infection and spreads the worm copies further.
- It spreads by attacking IP addresses connected to the Internet obtained at random.
- It tries to access the compromised IP address by exploiting an existing vulnerability that hasn't been fixed or through an open port. If it does this, it copies itself onto the compromised computer.
- WORM_UNICLE.A(Trend Micro)