This is an MSN worm. These can pretend to be from a friend whose machine is infected. Also this one exploits the fact that nobody under about 25 knows about the old MS-DOS .com file extension for executable files. They think .com means a web site so they click on it.
Backdoor.Win32.IRCBot.aex (Kaspersky Lab) is also known as: W32.Esbot.B (Symantec), BackDoor.IRC.Sdbot.126 (Doctor Web), Win32.Worm.EsBot.B (SOFTWIN), Worm.ESBot.B (ClamAV), Bck/IRCbot.KG (Panda), Win32/IRCBot.OO (Eset)
* The following behaviors have been observed for this object:
* Installs programs.
* Deletes programs.
* Invokes dll components.
* Creates Run Keys.
* Runs other programs.
* Communicates with web sites using httpout protocols.
* Has outbound communications.
* Creates known malware.
* Creates copies of itself.