On execution, Vote will attempt to download a trojan onto the machine in addition to propagating itself. The worm also includes a number of dangerous routines.
Vote was first reported on the 24th of September, 2001 – 13 days after the WTC tragedy.
The worm uses standard Windows Mail API to access the user's address book. This affects users of MAPI compatible e-mail clients, mainly Microsoft Outlook.
The e-mails sent by the worm look like this:
From: name-of-the-infected-user To: random-name-from-address-book Subject: Fwd:Peace BeTween AmeriCa and IsLaM ! Hi iS iT waR Against AmeriCa Or IsLaM !? Let's Vote To Live in Peace! Attachment: WTC.exe