This Trojan program enables its user to send anonymous emails. It can also check if a specific mail server is running or not, choose a random mail server, and then sends an email. If its user attempts to use a blank message body, it inserts random words before it sends out the emails.

The worm produced has used variables with random words composed of 10 characters.

The generator has the following characteristics:

User can set the registry name used to reload the Trojan during boot-up.
User can decide if a worm that uses MS Outlook for propagation can send it an attachment of an embedded script.
The subject title and the content of the email can also be modified. The worm may also be set to infect files such as VBS and VBE by overwriting its original code.

User may choose one of four methods of payload and the trigger date can be set on any date between January 1 to December 31.

Methods of payload:

1. A message box with desired text.
2. An Internet browser can be launched and set to open any URL.
3. Two modes of crashing the system

The Trojan also employs a scheme to protect itself by implementing a procedure to reproduce itself whenever the worm is deleted. Also, the code of the worm can be encrypted so that altering it is harder.