"According to Microsoft, the worm works by searching for a
Windows executable file called "services.exe" and then becomes part
of that code.
"It then copies itself into the Windows system folder as a
random file of a type known as a "dll". It gives itself a 5-8
character name, such as piftoc.dll, and then modifies the Registry,
which lists key Windows settings, to run the infected dll file as a
service." Funny how the elderly Unix system of file permissions and
ownership foils this sort of attack quite neatly. Oh wait I forgot,
malware authors only attack The Most Popular OS--ed.
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.