Virus Profile: W32/Naked@MM

Threat Search
Print
   
Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 3/6/2001
Date Added: 3/6/2001
Origin: USA
Length: 73,728
Type: Virus
Subtype: E-mail
DAT Required: 4126
Removal Instructions
   
 
 
   

Description

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Indication of Infection

- Absence of .BMP, .COM, .DLL, .EXE, .INI, and .LOG files in the WINDOWS and WINDOWS\SYSTEM directories for Win9x, NT, ME, 2000
- Inability to launch applications
- Email correspondence alerting you that they have received the attachment NakedWife.exe from you.
- Missing WIN.COM error message upon restarting Windows

Methods of Infection

This worm arrives as the email attachment, NakedWife.exe . Executing this application infects your machine and causes the worm to mail itself to regular email correspondence.

Aliases

I-Worm.Naked (AVP) , I-Worm.Naked.A (AVX) , NakedWife.exe, TROJ_NakedWife (Trend), W32.Naked@MM (NAV), W32/Naked (Sophos), Win32/Naked.worm (CAI)
   

Virus Family Statistics (over the past 30 days)

Family Statistics information
Virus Name Infected Files Scanned Files % Infected Computers
W32/Naked@MM 0 0 0.00

Virus Characteristics

This worm masquerades as a Flash (shockwave application) movie. The program will display a logo from JibJab, however it is not a shockwave application at all and is not associated with JibJab in any way, other than as a design of social engineering.

When run, it sends itself to all recipients in the Outlook Address Book and attempts to deletes all .BMP, .COM, .DLL, .EXE, .INI, and .LOG files in the WINDOWS and WINDOWS\SYSTEM directories. This includes Windows NT, ME and other versions.

This program is written in Visual Basic and requires the Visual Basic 6 (or higher) runtime files. When run, it copies itself to a TEMP directory and displays a Window entitled "Flash", which reads "JibJab Loading". It proceeds by sending a separate email message, using Microsoft Outlook, to each recipient in the Outlook Address Book. The messages appear as follows:

Subject: Fw: Naked Wife
Body:
My wife never look like that! ;-)

Best Regards,
(sender's name)

Attached: NakedWife.exe

Choosing the HELP|ABOUT menu in the "Flash" window displays a message box entitled "Flash", which reads "You're are now F**KED! (C) 2001 by BGK (Bill Gates Killer)" (** replaces the actual text displayed)

   

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations