Propagation Vectors
- README.EXE file forwarded via e-mail
- If the host is a Web server, all HTML content pages are compromised
- ADMIN.DLL obtained via TFTP
Propagation by Network Shares
- Worm code written to writeable share
- E-mail client using IE HTML reader
Propagation via Web Pages
- Browser downloads README.EML via JavaScript
- Vulnerable browser auto-executes it
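
The file names in the outline above can be used for a quick sweep of a web root or share. The following is an added example, not part of the original material: it flags files named README.EXE, README.EML or ADMIN.DLL and HTML pages whose script blocks reference README.EML. The function names, the extension list and the script-block heuristic are assumptions, and the sample tree is constructed.

```python
import os
import re
import tempfile

# File names taken from the outline above; matching is case-insensitive.
ARTIFACT_NAMES = {"readme.exe", "readme.eml", "admin.dll"}
HTML_EXTS = {".htm", ".html", ".asp"}  # assumption: extensions served as content pages
# Assumption: a compromised page references README.EML from inside a <script> block.
SCRIPT_RE = re.compile(rb"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
EML_REF = re.compile(rb"readme\.eml", re.I)

def sweep(root):
    """Return sorted (kind, relative_path) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() in ARTIFACT_NAMES:
                findings.append(("artifact", rel))
            if os.path.splitext(name)[1].lower() in HTML_EXTS:
                try:
                    with open(path, "rb") as fh:
                        data = fh.read()
                except OSError:
                    findings.append(("unreadable", rel))
                    continue
                # Only script bodies count; a plain-text mention is not flagged.
                if any(EML_REF.search(m.group(1)) for m in SCRIPT_RE.finditer(data)):
                    findings.append(("modified_page", rel))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: one clean page, one modified page, two dropped files."""
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "index.html"), "wb") as fh:
        fh.write(b"<html><body>Mentions readme.eml in text only</body></html>")
    with open(os.path.join(root, "docs", "page.HTM"), "wb") as fh:
        fh.write(b'<html></html><SCRIPT>window.open("README.EML")</SCRIPT>')
    for name in ("Admin.dll", os.path.join("docs", "README.EML")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, rel in sweep(tmp):
            print(kind, rel)
```

A hit on file name alone is only a lead; confirm against known-good copies of the content before restoring pages.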