Email-Worm.Win32.Matcher

Class Email-Worm
Platform Win32
Description

Technical Details

This is an Internet worm that spreads via e-mail as an attached EXE file. The worm itself is a Win32 executable file about 30Kb in length, written in Visual Basic.

The worm seems to be based on the “Melissa” macro-virus worm – the functions and sequence of instructions in the worm code are very similar to the “Melissa” source code. It seems that this worm was compiled from a slightly modified “Melissa” source.

When the worm's EXE file is run from an attachment, it sends infected messages and registers itself in the system so that it runs each time Windows starts up.

To spread from an infected computer, the worm uses MS Outlook: it obtains addresses from the MS Outlook Address Book and sends infected messages to them.

The message Subject, Body and Attachment appear as follows:

Subject: Matcher
Body: Want to find your love mates!!! Try this its cool… Looks and Attitude Maching to opposite sex.
Attach: matcher.exe



To install itself into the system, the worm copies itself to the Windows system directory under the name MATCHER.EXE and registers this file in the auto-run section of the Windows registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
%SystemDir%\matcher.exe

where %SystemDir% is the name of the Windows system directory.

The worm also appends the following commands to the end of C:\AUTOEXEC.BAT:

@echo off
echo from: Bugger
pause

These commands display the “from: Bugger” message when the system boots and processes AUTOEXEC.BAT.
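
A host triage check for the two persistence artifacts described above, as an added example that is not part of the original description: it flags Run-key values that launch matcher.exe from the system directory and detects (and strips) the three commands appended to AUTOEXEC.BAT. The function names, the Run value name and the sample data are constructed for illustration; the caller is assumed to have already exported the Run key and read the file.

```python
import ntpath

# Indicators taken from the description above.
WORM_FILE = "matcher.exe"
APPENDED = ["@echo off", "echo from: Bugger", "pause"]

# Constructed sample data; the Run value names are placeholders.
SAMPLE_RUN = {"SystemTray": "SysTray.Exe",
              "constructed_value": r"C:\WINDOWS\SYSTEM\matcher.exe"}
SAMPLE_AUTOEXEC = ("@echo off\r\nSET PATH=C:\\WINDOWS\r\n"
                   "@echo off\r\necho from: Bugger\r\npause\r\n")


def _norm(line):
    """Lower-case a line and collapse whitespace so cosmetic edits still match."""
    return " ".join(line.lower().split())


def suspicious_run_values(run_values, system_dir):
    """Return the names of Run values (name -> data) whose command is
    matcher.exe located in the given Windows system directory."""
    target = ntpath.normcase(ntpath.join(system_dir, WORM_FILE))
    hits = []
    for name, data in run_values.items():
        # Value data may be quoted and may carry arguments after the path.
        cmd = data.strip()
        path = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
        if ntpath.normcase(ntpath.normpath(path)) == target:
            hits.append(name)
    return hits


def split_appended_block(text):
    """If AUTOEXEC.BAT content ends with the three appended commands, return
    (True, content_without_them); otherwise return (False, original_content)."""
    lines = text.splitlines()
    while lines and not lines[-1].strip():  # ignore trailing blank lines
        lines.pop()
    tail = [_norm(l) for l in lines[-len(APPENDED):]]
    if tail != [_norm(l) for l in APPENDED]:
        return False, text
    return True, "".join(l + "\r\n" for l in lines[:-len(APPENDED)])


if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_RUN, r"C:\Windows\System"))
    print(split_appended_block(SAMPLE_AUTOEXEC))
```

Only the end of the file is compared, so a legitimate `@echo off` at the top of AUTOEXEC.BAT is left alone.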