Naco.B is a dangerous worm, as it includes a Trojan component that allows an attacker to gain remote access to certain resources on the affected computer. A hacker could carry out the following actions, among others, open and close the CD-ROM tray, switch the mouse button functions, etc.
Naco.B also sends an e-mail message containing information on the affected computer to the following address: firstname.lastname@example.org. The information it sends includes the operating system installed, the version of Internet Explorer installed, the machine name, number and type of drives installed, etc.
Finally, Naco.B disables the security programs installed on the affected computer. In order to do this, it carries out the following actions:
It ends active processes belonging to antivirus and firewall programs, among others, in the affected computer.
It looks for files related to different antivirus and security programs and deletes them.
Naco.B spreads rapidly via e-mail, P2P (peer-to-peer) file sharing programs and ICQ chat channels. When it spreads via e-mail, the message always contains an attached file called WARS.EXE.