it runs though a CPL format (delphi control panel) if im not mistaken, as its said it attacks the hotmail address book, and spreads though kazza, under varous .cpl names.
Ive been told in Irc the original hotmail worm, was done to gain someone entry into a hacking group.
I recently dis-seccted the worm, and at first found out that its picked up with norton AV as Kirto.c (as gurl pointed out)

Preep