• HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr = "C:\WINNT\login.bat"
The key allows Windows to start the bat file each time a user logs on.
Under Italian versions of Windows, additional files will be dropped, and the attributes to both file set to hidden, system.
• C:\Programmi\Windows NT\netapi.dll
The worm will then check whether a connection to an Italian site can be established. If so, it will create e-mail messages containing copy of its body and send them to recipients in Outlook's Contact list.
Detection for this malware was published on March 8th, 2005 in the following F-Secure Anti-Virus updates: