Our assessment of worm's behavior is below:
If windowsupdate.com fails to resolve, it will return a -1, which is not
interpreted because this routine has no error checking. The worm then
attempts to send its SYN packets to 255.255.255.255, which may have done
some interesting things, but it looks like the Windows raw socket
implementation won't let that packet out. So basically, nothing
happens.
There might be some issues with cached DNS, but besides that it looks
like the majority of the infections won't be doing much of anything
besides eating CPU cycles on the infected hosts.
Regards,