在本地开辟后门，监听TCP 5554端口，做为FTP服务器等待远程控制命令。病毒以FTP的形式提供文件传送。黑客可以通过这个端口偷窃用户机器的文件和其他信息。 病毒开辟128个扫描线程。以本地IP地址为基础，取随机IP地址，疯狂的试探连接445端口，试图利用Windows目录下的Lsass.exe中存在一个缓冲区溢出漏洞进行攻击，一旦攻击成功会导致对方机器感染此病毒并进行下一轮的传播，攻击失败也会造成对方机器的缓冲区溢出,导致对方机器程序非法操作,以及系统异常等。-Open the back door in the local, monitor TCP port 5554, as a FTP server for the remote control command. Virus provides file transfer in the form of FTP. Hackers can steal user machine through the port of documents and other information. Virus scan thread open 128. To the local IP address as the foundation, take a random IP address, crazy test connection port 445, try to use the Windows directory under the Lsass.exe in the presence of a buffer overflow attack, once the attack success will lead to other machines infected with the virus and spread the next round of attacks failed, also will cause the other machine buffer buffer overflow, led to the other machine program of illegal operations, as well as the system abnormality.