When the worm is run it shows a dialog box that looks like a ShockWave Flash executable animation's dialog.
All menus in the dialog box are fake except the 'Help' menu. When a user clicks on it, the worm displays a messagebox with the text 'You're are now FUCKED! (C) 2001 by BGK (Bill Gates Killer)'
It should be noted that the worm's file has an icon similar to ShockWave Flash executable animation files and can confuse many users.
After the worm shows its dialog box, it opens MS Outlook Address Book and sends itself to all addresses found there. The infected message has the worm's executable as NakedWife.exe attached. The infected message looks like that:
Subject:
Fw: Naked Wife
Body:
My wife never look like that! ;-)
Best Regards,
where is the name of an infected computer user.
After the worm sends itself it performs a destructive action. It deletes all *.INI, *.LOG, *.DLL, *.EXE, *.COM and *.BMP files (in that order) in root Windows folder and then deletes all *.INI, *.LOG, *.DLL, *.EXE, *.COM, and *.BMP files in Windows System folder. A system attacked by this worm becomes unusable shortly after that.
If you receive a message with NakedWife.exe attached, don't run the file (don't click on the attachment), delete the message to avoid infection.
|
