Inside is a '.pif' file called photo album2007 or a '.scr' file called photos_2007. It connects you to one of the following IRC Servers:
and posts a message: IMStart. which is an invitation to connect to the victims computer.when connected, the attacker can send the worm to more people and control the victims pc. However, there is a flaw: as MSN Messenger does not allow you to send whole files, instead of spreading, The victim will get a lot of dialogue boxes saying: "you cannot send a folder, please send one file at a time." Thefore you must have Windows Live Messenger to spread it.
NOTE: Upon downloading this virus: this virus then hides itself and begins downloading more viruses. if you contract this virus from MSN; an easy thing to do is turn off your cable box/modem (the one with the lights that say internet/receive/power/etc. and they are flashing) then run a few scans. if you say: go to school; leave the box on all day, when you get home, your computer will be GUARANTEED so slow it will aggravate you.
Recently (In April 2008), one variant has been delivering its virus payload as a file named "IMG00231.JPG-www.imageupload.com" from sites photogallery.gigacities.net and album.gigacities.net (See the McAfee Site Advisor post at ). The MSN Messenger message says "hey, is this your picture ?! h t t p://album.gigacities.net/email.php?=YOURefirstname.lastname@example.org" [DO NOT FOLLOW THE LINK UNLESS YOU KNOW WHAT YOU ARE DOING AND WANT TO HARVEST THIS FILE]. This link delivers the MSN virus / worm payload as an MS-DOS .com application (with Size 39,424 bytes and Size on disk: 40,960 bytes). As of 11 APR 2008, Symantec Enpoint Protection does NOT detect this version of the worm.