Unpatched Windows XP, Windows 2000, and Windows NT machines directly connected to the internet via "live" IP addresses are at exceedingly High Risk of infection from this worm.

The worm exploits the LSASS vulnerability documented in this Microsoft Security Bulletin (MS04-011). Machines connecting from behind hardware-based firewalls or NAT machines where incoming port 445 is denied are at lower risk of infection but are still at risk.

Note current known variants of this worm do not propagate via email and as such, installed anti-virus software may not prevent infection. If using a vulnerable version of the Windows operating system it is critical to install the above referenced security updates immediately.