The program provides a weakly encrypted but difficult to trace communication channel. Over this channel, it can be configured to attack other hosts on the Internet. The agent is capable of doing several traditional denial of service attacks (UDP flood, ICMP flood, TCP SYN flood) and a new form of indirect attack using public DNS servers. This new attack is difficult to defend against when one is on the receiving end of such an attack. Organisations and ISP can, however, make sure no such attack can be launched from inside their network by configuring their firewall appropriately.
The agent program runs under Linux. It does not spread itself, it is neither a worm nor a virus. It has to be deliberately installed by an attacker after he broke into the Linux machine.