A、使自带发信引擎发送病毒邮件
　　B、利用“GOOGLE”等搜索引擎获得邮件地址，并向这些邮件地址发送病毒邮件
　　C、病毒会开放TCP 1034端口，做为后门，等待黑客连接

　　发作现象:

　　病毒运行后
　　会在含有如下后缀名的文件种搜索电子邮件地址
　　.adb .asp .dbx .htm .php .pl .sht .tbb .txt .wab

　　如果在这些文件中找到电子邮件地址，则病毒会利用以下的搜索引擎，搜索更多的
　　电子邮件地址：
　　search.lycos.com
　　www.altavista.com
　　search.yahoo.com
　　www.google.com

　　病毒邮件的主题为下面之一：
　　say helo to my litl friend
　　click me baby, one more time
　　hello
　　error
　　status
　　test
　　report
　　delivery failed
　　Message could not be delivered
　　Mail System Error - Returned Mail
　　Delivery reports about your e-mail
　　Returned mail: see transcript for details
　　Returned mail: Data format error

　　病毒邮件正文可能是以下内容之一
　　Dear user {<接收者邮件地址>|of <接收者的网站域名>},{ {{M|m}ail
　　{system|server} administrator|administration} of <接收者的网站域名> 　　
　　would like to {inform you{ that{:|,} |}|let you know {that|the
　　following}{.|:|,}}|||||}
　　{We have {detected|found|received reports} that y|Y}our {e{-|}mail
　　|}account {has been|was} used to send a {large|huge} amount of 　　　　
　　{{unsolicited{ commercial|}|junk} e{-|} mail|spam}{ messages|} during 　
　　{this|the {last|recent}} week.
　　{We suspect that|Probably,|Most likely|Obviously,} your computer {had
　　been|was} {compromised|infected{ by a recent v{iru}s|}} and now
　　{run|contain}s a {trojan{ed|} |hidden} proxy server.
　　{Please|We recommend {that you|you to}} follow {our |the
　　|}instruction{s|} {in the {attachment|attached {text |}file} |}in order
　　to keep your computer safe.
　　{{Virtually|Sincerely} yours|Best {wishe|regard}s|Have a nice day},
　　{<接收者的网站域名> {user |technical |}support team.|The <接收者的网站域
　　名> {support |} team.}

　　{The|This|Your} message was{ undeliverable| not delivered} due to the
　　following reason {(s)|}:
　　Your message {was not|could not be} delivered because the destination
　　{computer|server} was
　　{not |un}reachable within the allowed queue period. The amount of time
　　a message is queued before it is returned depends on local configura-
　　tion parameters.
　　Most likely there is a network problem that prevented delivery, but
　　it is also possible that the computer is turned off, or does not
　　have a mail system running right now.

　　Your message {was not|could not be} delivered within <随机数> days:
　　{{{Mail s|S}erver}|Host} } is not
　　responding.
　　The following recipients {did|could} not receive this message:
　　<<接收者邮件地址>>
　　Please reply to postmaster@{<发送者的网站域名>|<接收者的网站域名>}
　　if you feel this message to be in error.
　　The original message was received at [current time]{
　　| }from {<发送者的网站域名> ]|{]|]}}
　　----- The following addresses had permanent fatal errors -----
　　{<<接收者邮件地址>>|<接收者邮件地址>}
　　{----- Transcript of {the ||}session follows -----
　　... while talking to {host |{mail |}server ||||}{<接收者的网站域
　　名>.|]}:
　　{>>> MAIL F{rom|ROM}:[From address of mail]
　　<<< 50$d {[From address of mail]... |}{Refused|
　　{Accessd|D}enied|{User|Domain|Address} {unknown|blacklisted}}|554 <<接收
　　者邮件地址>>... {Mail quota exceeded|Message is too large}
　　554 <<接收者邮件地址>>... Service unavailable|550 5.1.2 <<接收者邮件地
　　址>>... Host unknown (Name server: host not found)|554 {5.0.0 |}Service
　　unavailable; ] blocked using {relays.osirusoft.com|bl.spamcop.net}{,
　　reason: Blocked|}
　　Session aborted{, reason: lost connection|}|>>> RCPT To:<<接收者邮件地
　　址>>
　　<<< 550 {MAILBOX NOT FOUND|5.1.1 <<接收者邮件地址>>... {User 　
　　unknown|Invalid recipient|Not known here}}|>>> DATA
　　{<<< 400-aturner; %MAIL-E-OPENOUT, error opening !AS as output
　　|}{<<< 400-aturner; -RMS-E-CRE, ACP file create failed
　　|}{<<< 400-aturner; -SYSTEM-F-EXDISKQUOTA, disk quota exceeded
　　|}<<< 400}|}
　　The original message was included as attachment

　　{{The|Your} m|M}essage could not be delivered

　　附件名为以下之一
　　readme
　　instruction
　　transcript
　　mail
　　letter
　　file
　　text
　　attachment
　　document
　　message
　　<网站域名>

　　附件后缀名为以下之一
　　cmd
　　bat
　　com
　　exe
　　pif
　　scr
　　zip
　　有时 附件会有两个后缀名，增加的扩展名可能是：
　　doc
　　htm
　　html
　　txt

　　如果邮件地址包含以下字符，则不会向该地址发送：
　　arin. avp bar. domain example foo.com gmail gnu. google hotmail microsoft
　　msdn. msn. panda rarsoft ripe. sarc. seclist secur sf.net sophos 　　
　　sourceforge spersk syma trend update uslis winrar winzip yahooanyone ca
　　feste foo gold-certs help info me no nobody noone not nothing page rating
　　root site soft someone the.bat you your admin support ntivi submit
　　listserv bugs secur privacycertific accoun sample master abuse spam
　　mailer-d

　　病毒会开放TCP 1034端口，做为后门