Web Browser Propagation
Worm creates copies called readme.eml
- Small JavaScript code pointing to this page added to all Web-content files at infected site
Browser visits site, activates page's JS code, and downloads readme.eml
- Vulnerable versions of Internet Explorer will auto-execute the file