The new ICQ WORM...spreading by 2 exploits on
http://www.***.biz/index.html
and uses icq to download a .chm file that uses the latest .chm exploit.
The chm file is downloaded as ab icq sound wav file, to icq sounds
directory.
the file iefucker.html from inside the .chm file is ran.

iefucker.html
--------------------------CUT HERE------------------------------
*
--------------------------CUT HERE------------------------------

and then it writes
c:\documents and settings\all users\start menu\startup\winupdate.exe
c:\windows\start menu\startup\winupdate.exe
c:\windows\all users\start menu\startup\winupdate.exe

the next time the computer starts it will be loaded and will download
another to virus this locations

c:\documents and settings\<your user name>\local settings\temp\alsdfkj.exe
c:\documents and settings\<your user name>\local settings\temp\aptgetupd.exe

this files will create a "sysmon" folder inside the windows\system32
directory.

and this file
c:\windows\system32\sysmon\sysmon.exe
runs in the background and closing regedit if you want to deny it from
autoruning.

the worm uses ICQ to spread sending the following message to all the contact
list:
http://www.***.biz LOL

* This worm possibly opens a shell , hacking was reported on infected
machine
This worm is raging at Israel this days.

Panda info team was notified.
Rafel Ivgi, The-Insider.
Thanks a lot to "the pull".