Copies itself to the KaZaA download directory as one of the following files:
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.
In addition, the backdoor can download and execute arbitrary files.
The worm will perform a Denial of Service (DoS) attack starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004. These two events will only occur if the worm is run between or after those dates.
From TrendMicro:
If the system date is later than February 12, 2004, this worm discontinues running all of its routines except its backdoor functionalities.
This worm is packed under UPX. Besides being compressed, the strings inside its body are encrypted.