The threat must be manually installed.
When the Trojan is executed, it searches the following drives on the compromised computer:
Next, it copies all files with the following file extensions and places them on the C drive:
The Trojan then uploads the copied files to the following FTP server:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":