Discussion:
Blaster
David Burnett
2003-08-19 00:33:10 UTC
Does anyone else think the Blaster worm may be internal?

I know if it disrupted my path to future updates to prevent further attacks,
I might have made it a critical update for the patch.

Might be paying $39.95 to prevent similar attacks with room for options.

THW Woodward
FromTheRafters
2003-08-19 01:02:15 UTC
Post by David Burnett
Does anyone else think the Blaster worm may be internal?
Takes all kinds, so I suppose it is possible.
Post by David Burnett
I know if it disrupted my path to future updates to prevent further attacks,
I might have made it a critical update for the patch.
The time to close the barn door is *before* the horses escape.
Post by David Burnett
Might be paying $39.95 to prevent similar attacks with room for options.
What does this mean!? How will spending $39.95 prevent
anything?
n***@zilch.com
2003-08-24 17:14:34 UTC
How does the blaster virus spread?
The simple answer is, "via open internet ports". It requires and
affects Windows 2K or XP. It also depends on unprotected ports and/or
the lack of a patch released by M$ some time ago. Here's more:


Art
http://www.epix.net/~artnpeg
n***@zilch.com
2003-08-24 17:15:39 UTC
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


Art
http://www.epix.net/~artnpeg
FromTheRafters
2003-08-25 00:29:39 UTC
How does the blaster virus spread?
Pete
If wrong, hopefully someone will correct me.

Once running, the worm generates IP#s to probe for a known
vulnerable service which uses a specific port. Once a new
potential victim is located, the worm sends code designed to
exploit the vulnerability (a 'buffer overrun' or 'buffer overflow')
which allows the sent code to execute as if it were the vulnerable
service's own code. A command shell (cmd.exe) is invoked by
this code and then is used to call upon the TFTP (Trivial File
Transfer Protocol) which will transfer a file from (*probably the
previous victim) another location. The file transferred is the worm
executable itself (this is, in essence, replication and spread). Then
the command shell attempts to execute the newly downloaded
executable. Once running [return to the top].

*In addition to the probing, the running executable sets up services
on some ports to make the worm executable available for all those
new potential victims that are requesting it.

There might also have been some hardcoded IP#s with the worm
executable being served, at least I think I read that somewhere.
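
The probe-then-TFTP sequence described in the post above leaves a recognisable pattern in network flow logs. The following is an added example, not part of the original thread: it flags hosts that probe many addresses on one port and then links each to any probed host that fetched a file back over TFTP. The flow records are constructed, and the probed port (TCP 135 in the sample), the threshold and the time window are assumptions the thread does not state.

```python
from collections import defaultdict

TFTP_PORT = 69  # standard TFTP port (UDP)

# Constructed flow records: (seconds, src, dst, proto, dst_port)
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "10.0.1.1", "tcp", 135),
    (1, "10.0.0.5", "10.0.1.2", "tcp", 135),
    (2, "10.0.0.5", "10.0.1.3", "tcp", 135),
    (3, "10.0.0.5", "10.0.1.4", "tcp", 135),
    (5, "10.0.1.3", "10.0.0.5", "udp", 69),    # probed host fetches a file back
    (9, "10.0.1.3", "10.0.2.1", "tcp", 135),   # ...then starts probing itself
    (9, "10.0.1.3", "10.0.2.2", "tcp", 135),
    (10, "10.0.1.3", "10.0.2.3", "tcp", 135),
    (10, "10.0.1.3", "10.0.2.4", "tcp", 135),
    (12, "10.0.0.9", "10.0.0.5", "udp", 69),   # TFTP with no prior probe: ignored
    (20, "10.0.0.7", "10.0.1.1", "tcp", 135),  # single connection: not a scan
]

def find_scanners(flows, probe_port, min_targets):
    """Sources that contacted at least min_targets distinct hosts on probe_port."""
    targets = defaultdict(set)
    for _, src, dst, proto, port in flows:
        if proto == "tcp" and port == probe_port:
            targets[src].add(dst)
    return {s for s, d in targets.items() if len(d) >= min_targets}

def find_infection_links(flows, probe_port=135, min_targets=4, window=60):
    """Return (scanner, victim) pairs: the scanner probed the victim, and the
    victim then opened TFTP back to the scanner within `window` seconds."""
    scanners = find_scanners(flows, probe_port, min_targets)
    probed_at = {}  # (scanner, target) -> time of first probe
    links = []
    for ts, src, dst, proto, port in sorted(flows):
        if proto == "tcp" and port == probe_port and src in scanners:
            probed_at.setdefault((src, dst), ts)
        elif proto == "udp" and port == TFTP_PORT:
            first = probed_at.get((dst, src))
            if first is not None and 0 <= ts - first <= window:
                links.append((dst, src))
    return links

if __name__ == "__main__":
    for scanner, victim in find_infection_links(SAMPLE_FLOWS):
        print(f"{scanner} probed {victim}, which then pulled a file via TFTP")
```

A victim that also appears in `find_scanners` output, as 10.0.1.3 does in the sample, marks the "return to the top" step of the loop.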
