Class Email-Worm
Platform Win32

Technical Details

This is a virus-worm that spreads via the Internet using MS Outlook. The
worm itself is a Windows EXE file about 25Kb in length, and written in
VisualBasic. The worm seems to be based on the “Melissa”
macro-virus worm – the functions and sequence of instructions in the worm
code are very similar to the “Melissa” source code. It seems that this worm was
compiled from a slightly modified “Melissa” source.

The worm is transferred via the net in e-mail messages with an infected attachment.
The original attachment has the BADASS.EXE name, but it is possible to rename
the EXE file manually, and it then will spread with a new name.

When an infected message is received and the attached EXE file is executed,
the worm gains control and starts its main routine. This routine displays
message boxes, then run the infection routine that opens the Outlook
database, obtains e-mail addresses from the Address Book and sends infected messages
to the addresses found. The subject in the infected messages contains the text
“Moguh..” and the message text is “Dit is wel grappig! :-)”.

The worm does not send messages twice from the same computer. To avoid
duplicate spreading, the worm creates a system registry key, and checks it
upon each start:

HKCUSoftWareVB and VBA Program SeettingsWindowsCurrentVersion
“CMCTL32″=”00 00 00 01”
[Adult only————————————————–]

The first message box displayed by the worm appears as follows:

An error has occured probably because your c**t smells
bad. Is this really so?
[ Yes ] [ No ]

Upon the mouse cursor moving to the [No] button, the worm moves this button
another place to the left [Yes], and return it back when the mouse cursor moves near
to button, and so on until clicking [Yes]:

[ Yes ] [ No ]
[ No ] [ Yes ]
[ Yes ] [ No ]

So the worm does not allow one to click the [No] button. When the [Yes] button is pressed,
the worm displays another message and runs its infection routine:

Contact your local supermarket for toiletpaper and soap to
solve this problem.
[ OK ]

Find out the statistics of the threats spreading in your region