The Worm takes advantage of a flaw in the TCP networks for Berkeley UNIX systems (used in sending e-mail). When the program was being designed, a DEBUG flag was included to facilitate testing. One capability of this flag was that it allowed someone to send mail to a process rather than to a user account. Unfortunately, when the program was finished and compiled for distribution, this feature was never removed.
The Worm takes advantage of this oversight by sending a mail message with the DEBUG flag set and a carefully constructed recipient string. This string sets up a command that deletes the header of the message being sent and passes the body of the message to a command interpreter, which compiles a copy of code that then opens a connection and pulls a copy of the Worm process onto the new computer.
If this attack fails, control returns to infect, which marks the host as immune.
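As an added example (not code from the original page), the following defender-side check scans SMTP command transcripts for the two signals described above: the DEBUG flag and a recipient that names a process rather than a user account. It assumes the flag appears as a DEBUG command line in the session; the transcript format, session ids, function names and placeholder recipient strings are constructed for illustration.

```python
import re

# Constructed client-side SMTP command lines as (session id, line).
# Recipient strings are placeholders, not the Worm's actual string.
SAMPLE = [
    ("s1", "HELO client.example"),
    ("s1", "MAIL FROM:<alice@example.org>"),
    ("s1", "RCPT TO:<bob@example.org>"),
    ("s1", "QUIT"),
    ("s2", "helo client.example"),
    ("s2", "debug"),
    ("s2", "mail from:<mallory@example.net>"),
    ("s2", 'rcpt to:<"| placeholder-command">'),
    ("s2", "data"),
    ("s3", "HELO client.example"),
    ("s3", "RCPT TO: <|placeholder-command>"),
]

RCPT_RE = re.compile(r'^RCPT\s+TO:\s*<?\s*(.*?)\s*>?\s*$', re.I)

def recipient_is_process(addr):
    """True when the recipient names a command pipeline, not a mailbox."""
    return addr.strip().strip('"').lstrip().startswith("|")

def analyze(transcript):
    """Classify each session: 'high', 'suspicious' or 'clean'."""
    sessions = {}
    for sid, raw in transcript:
        state = sessions.setdefault(sid, {"debug": False, "pipes": []})
        line = raw.strip()
        verb = line.split(None, 1)[0].upper() if line else ""
        if verb == "DEBUG":
            state["debug"] = True
        elif verb == "RCPT":
            m = RCPT_RE.match(line)
            if m and recipient_is_process(m.group(1)):
                state["pipes"].append(m.group(1))
    report = {}
    for sid, st in sessions.items():
        if st["debug"] and st["pipes"]:
            report[sid] = "high"        # both signals in one session
        elif st["debug"] or st["pipes"]:
            report[sid] = "suspicious"  # one signal only
        else:
            report[sid] = "clean"
    return report

if __name__ == "__main__":
    for sid, verdict in analyze(SAMPLE).items():
        print(sid, verdict)
```

A session that shows only one of the two signals is still reported, since either one is unusual in normal mail traffic.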