Virus type: Worm
Destructive: No
Description:
This memory-resident worm uses its own SMTP engine to propagate via email with varrying subjects, message bodies, and attachment file names.
It gathers target email addresses from certain files found in the hard drive.
It also connects to a particular Internet Relay Chat (IRC) server on port 6667. It uses random nicknames and email addresses, which have the suffix @foo.bar.
It performs the following tasks:
Drop a copy of itself as the file WINSHELLB.EXE in the Windows system folder
Create the mutex COKE_DESTROYS_YOUR_BRAIN_5 to ensure that only one instance of itself exists in memory
Display a message box, which allows it to proceed to its malicious routines
Query the local DNS server using port 53, and other external DNS servers for a mail exchange that matches the domain of the recipient?s email address
This UPX-compressed malware runs on Windows 95, 98, ME, NT, 2000, and XP.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KECO.A

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic