This is an Internet worm spreading via e-mail attached as an EXE file. The worm itself is a Win32 executable file about 30Kb in length, written in Visual Basic.
The worm seems to be based on the “Melissa” macro-virus worm – the functions and sequence of instructions in the worm code are very similar to the “Melissa” source code. It seems that this worm was compiled from
When the worm EXE file is being run from an attachment, it sends infected messages and registers itself in a system to run each time Windows starts up.
To spread from an infected computer, the worm uses MS Outlook by obtaining addresses from the MS Outlook Address Book and sends messages there.
The message Subject, Body and Attachment appear follows:
To install into a system, the worm copies itself to the Windows system directory with the MATCHER.EXE name, and registers this file in the Windows registry auto-run
where %SystemDir% is the name of the Windows system directory.
The worm also adds to the end of C:AUTOEXEC.BAT the commands:
These commands display the “from: Bugger” message when system is booting up and processes the AUTOEXEC.BAT.