It spreads by exploiting vulnerability in the FTP server component of W32.Sasser.Worm and its variants.
The worm installs a backdoor on infected hosts listening on port 9898. If the attempt fails, W32Dabber.A tries to listen on from port 9899 to port 9999 in sequence until it finds an open port.
Tries to save itself in:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\package.exe
%Windir%\All Users\Main menu\Programs\StartUp\package.exe
Remove it from startup by antivirus (also check How To Remove section)Start Control.