This is copied and pasted from Symantec.
The W32.Kwbot.B.Worm attempts to spread itself through the KaZaA file-sharing network. It also has a Backdoor Trojan capability, allowing a hacker to gain control of the compromised computer. It is written in the Microsoft Visual C++ programming language and is compressed with UPX
The W32.Kwbot.B.Worm requires that the KaZaA software be installed on the computer for it to spread.
The W32.Kwbot.B.Worm contains its own Internet Relay Chat (IRC) client, allowing the worm to connect to an IRC channel, which was coded into the Trojan. Using the IRC channel, the Trojan listens for commands from the hacker. The commands allow the hacker to perform any of the following actions:
Manage the installation of the backdoor.
Control the IRC client on the compromised computer.
Dynamically update the installed Trojan.
Send the Trojan to other IRC channels to attempt to compromise more computers.
Download and execute files.
Deliver system and network information to the hacker.
Perform Denial of Service (DoS) attacks against a target defined by the hacker.
Completely uninstall itself by removing the relevant registry entries.
Details released January 2nd 2003.