Apparently this one has been giving a few sites around the world a good run for their money.
Here is the Symantec Security Response page for the virus, and here is Microsoft Security Bulletin MS04-011 listing the Windows vunerability which the Worm attempts to exploit. It's interesting to note that it's taking much less time for these things to be released - MS04-011 was first posted April 13th (updated April 28th), and the virus started appearing on April the 30th.. thats a pretty low turnaround rate.
Check out the propogation methods too - I particularly liked this bit:
The IP addresses generated by the worm are distributed as follows:
- 50% are completely random
- 25% have the same first octet as the IP address of the infected host
- 25% have the same first and second octet as the IP address of the infected host.
So basically once a single machine on an internal LAN gets infected, it's pretty much guaranteed that every unprotected/unpatched machine on the LAN will be infected before too long.
The final link for this post is here - and it's a knowledgebase entry describing what to do if your computer stops responding after you install the patch for MS04-011. Nice. Apparently, the patch introduces a neat bug where your system keeps attempting to load certain drivers that fail to load properly. Rather than ignoring such drivers and moving on, repeated attempts to load them ensue, tying up the machines CPU resources, preventing the system getting to the point where a login prompt is proffered.
Happy patching!