"According to Microsoft, the worm works by searching for a
Windows executable file called "services.exe" and then becomes part
of that code.
"It then copies itself into the Windows system folder as a
random file of a type known as a "dll". It gives itself a 5-8
character name, such as piftoc.dll, and then modifies the Registry,
which lists key Windows settings, to run the infected dll file as a
service." Funny how the elderly Unix system of file permissions and
ownership foils this sort of attack quite neatly. Oh wait I forgot,
malware authors only attack The Most Popular OS--ed.