Bugtraq: new strange worm

[Alex Gen <alexei.h () spray se>]

http://www.mikenoels.net/matrix.swf/index1.html (do _not_ open.)

Found a new sort of worm, at least I didn't find any information about this on any securitysite;

Creates a registry entry \HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603 and adds a file called 
"umcss.exe" to C:\windows(winnt)\system32. The exececutable spawns a connection to a irc-server called 
apollo.uplinkearth.com at port 6667. I'm asuming it's sitting in a channel there to create a DoS at a specific date or 
to give the owner of that irc-server problems.

it also adds a line in mirc.ini telling it to load a script called custom1.mrc, which adds a "on join" to remote, 
sending several messages to channel visitors, including one with the URL above.

regards,
Alex Gen