STEP 1: Go to steamapps/garrysmod/garrysmod/addons, if you have readme.txt containing the text 'This is where addons go.' in there you are infected * The worm part now runs and allows rcon access and also infects other clients which now go to the same steps as soon as this user creates a server. * The saver script (virus part) infects every found lua file in /addons and stores a file called 'Readme.txt' in /addons * Now, the exploit which makes this worm possible comes into play: RunConsoleCommand changes con_logfile to /addons/an_addon/lua/autorun/a - This allows writing of files to /lua which is generally not possible. * This few code lines download the actual worm and and a virus part (saver script) using http.Get from a website * An infected server sends a few lua-code lines to players using Player:SendLua() All Gmod servers are infected with a LUA virus.