The funny thing about this virus, all the comps I have had to go service this evening all had two things in common:
1) All on Dialup
2) All with WinXP SP1
Reason all the affected machines were dialup internet connections is because most Dialup accounts do not have Routers/Firewalls. This worm comes though the TCP135 port, Routers/Firewalls block this port. Once in your computer the worm opens port 4444 and then it loads itself and takes over the infected computer. The code picks random IP addresses and checks those IPs for access, it tries several ways to break in. If it gets in, it infects as above, if it does not get in, it makes more random IPs and starts the process again.
Nasty little piece of work this worm. The only good thing is it does not do permanent damage to the infected computer.
Take Care,
Richard