W32/Nugache@MM IRC bot
Monday May 1, 2006 at 1:19 pm CST
Posted by David Marcus
A few interesting variants of an IRC bot have appeared, named W32/Nugache@MM (http://vil.nai.com/vil/content/v_139347.htm). Rather than connecting back via DNS to an IRC server to receive commands, the bot attempts to create a P2P network, listening on port 8 (TCP). Initial execution results in outgoing connections to one of several IP addresses (on port 8 TCP), presumably some seeded infections to spawn the P2P network. The bot spreads via email, AIM, Windows Messenger and across the network.
One interesting aspect of this family is its (supposed) ability to repack itself. Though unconfirmed in replication testing thus far, reports suggest it attempts to repack itself prior to propagating. If true, this would create an interesting challenge for AV scanners.
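
A defender's view of the port 8 behaviour described above, as an added example that is not part of the original post: it reads flow records and flags internal hosts that dial out to TCP port 8, accept connections on it, or do both (the peer pattern). The record layout, the 10.0.0.0/8 internal range, the state names and every sample row are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

P2P_PORT = 8  # TCP port the post reports for both listening and outgoing connections
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow records: time, proto, src, sport, dst, dport, state
SAMPLE_FLOWS = """\
2006-05-01T13:02:11,tcp,10.0.0.21,1045,192.0.2.10,8,ESTABLISHED
2006-05-01T13:02:12,tcp,10.0.0.21,1046,198.51.100.7,8,SYN_TIMEOUT
2006-05-01T13:05:40,tcp,203.0.113.5,2210,10.0.0.21,8,ESTABLISHED
2006-05-01T13:06:02,tcp,10.0.0.34,1188,192.0.2.10,8,ESTABLISHED
2006-05-01T13:07:15,tcp,203.0.113.9,4001,10.0.0.50,8,RESET
2006-05-01T13:08:00,udp,10.0.0.60,1030,192.0.2.53,8,ESTABLISHED
2006-05-01T13:09:30,tcp,10.0.0.60,1031,192.0.2.80,80,ESTABLISHED
"""

def is_internal(ip):
    try:
        return ipaddress.ip_address(ip) in INTERNAL
    except ValueError:
        return False  # unparsable address: treat as not ours

def classify_hosts(flow_csv):
    """Return {internal_ip: verdict} for hosts with TCP/8 activity."""
    dialed = defaultdict(set)    # host -> remote IPs it tried on TCP/8
    accepted = defaultdict(set)  # host -> remotes that completed a connection to its TCP/8
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 7:
            continue  # skip malformed lines
        _, proto, src, _, dst, dport, state = row
        if proto.lower() != "tcp" or dport != str(P2P_PORT):
            continue
        if is_internal(src):
            dialed[src].add(dst)  # failed attempts still show intent to reach a peer
        if is_internal(dst) and state == "ESTABLISHED":
            accepted[dst].add(src)  # completed handshake: something is listening
    verdicts = {}
    for host in sorted(set(dialed) | set(accepted)):
        if dialed[host] and accepted[host]:
            verdicts[host] = "peer"      # dials out and listens on TCP/8
        elif accepted[host]:
            verdicts[host] = "listener"  # only accepts TCP/8 connections
        else:
            verdicts[host] = "dialer"    # only dials out to TCP/8
    return verdicts

if __name__ == "__main__":
    for host, verdict in classify_hosts(SAMPLE_FLOWS).items():
        print(host, verdict)
```

An inbound attempt that is reset (10.0.0.50 in the sample) is not counted, since a probe against a closed port says nothing about the host itself.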
