I-Worm.BadAs
Details
I-Worm.BadAss
This is a virus-worm that spreads via the Internet using MS Outlook. The worm itself is a Windows EXE file about 25Kb in length, and written in VisualBasic. The worm seems to be based on the “Melissa” macro-virus worm - the functions and sequence of instructions in the worm code are very similar to the “Melissa” source code. It seems that this worm was compiled from a slightly modified “Melissa” source.
The worm is transferred via the net in e-mail messages with an infected attachment. The original attachment has the BADASS.EXE name, but it is possible to rename the EXE file manually, and it then will spread with a new name.
When an infected message is received and the attached EXE file is executed, the worm gains control and starts its main routine. This routine displays message boxes, then run the infection routine that opens the Outlook database, obtains e-mail addresses from the Address Book and sends infected messages to the addresses found. The subject in the infected messages contains the text “Moguh..” and the message text is “Dit is wel grappig! :-)”.
The first message box displayed by the worm appears as follows:
Kernel32
An error has occured probably because your c**t smells
bad. Is this really so?
[ Yes ] [ No ]
Upon the mouse cursor moving to the [No] button, the worm moves this button another place to the left [Yes], and return it back when the mouse cursor moves near to button, and so on until clicking [Yes]:
[ Yes ] [ No ]
[ No ] [ Yes ]
[ Yes ] [ No ]
So the worm does not allow one to click the [No] button. When the [Yes] button is pressed, the worm displays another message and runs its infection routine:
WIN32
Contact your local supermarket for toiletpaper and soap to
solve this problem.
[ OK ]
Related Posts