Destructive "Naked Wife" e-mail worm on the loose
March 8, 2001
Several anti-virus companies are warning that a potentially damaging Internet worm called "Naked@MM" or "NakedWife" is on the loose in Europe, the United States and Canada. One company reported finding evidence that the worm, which spreads via e-mail when the victim tries to access a flash movie of what is supposedly someone's naked wife, may have originated in Brazil.
According to information from McAfee, Trend Micro, Symantec and Computer Associates, the mass mailing worm is attached to an e-mail as "NakedWife.exe." The Subject line says "Fw: Naked Wife" and the body of the e-mail says "My wife never look like that! ;-) Best Regards, (incorporates sender's name)."
If the recipient clicks on the attachment, the worm sends itself to all destinations in the person's Windows address book. At the same time, it attempts to delete all .BMP, .COM, .DLL, .EXE and .INI files in the Windows and Windows\System directories.
If the user clicks on the "Help/About" menu in the Flash window, a vulgar message is displayed which reads "You're now F****D! (C) 20001 by BGK (Bill Gates Killer)."
Steve Trilling, director of research for Symantec's anti-virus research center (SARC), said the company has already begun examining the worm to try to unmask the identity of the sender.
"The source code of the virus shows it was written on March 5," he said. "There is some indication that it originated in Brazil."
Trilling said when a virus is created, it begins as a series of instructions typed into a text file. That text file then goes through a compiler, software that translates code written by the programmer into a program that can be run on a computer. "The compiler in this virus was licensed to a Brazilian insurance company. There is also a name in the code, M. A. Santos."
Trilling cautioned that the creator might have inserted the name of another person and or the insurance company to divert attention. "It could be faked by someone who wants us to think that it came from Brazil. We do not know for sure at this time. However, most viruses tend to be written by unsophisticated people. The person that wrote the "Love Bug" virus left fingerprints all over it that pointed to the Philippines."
Susan Orbuch, spokesperson for Trend Micro, said the worm is a rarity in that it contains a dangerous payload and that it announces itself.
"The most effective viruses are the least visible. The ones that do the most damage are stealth, they do not advertise themselves," she said. "Most viruses do not do damage; but this one has the potential to delete several system files essential to the operating system. It will not damage hardware, but it spreads quickly and has a damaging payload."
Orbuch said Naked Wife offers a lesson to corporations. "Do not fight viruses by waiting for them to hit the desktops; block them at the Internet gateway," she said.
Symantec has information on the Naked Wife worm on the Web at http://www.symantec.com/avcenter
McAfee is online at http://www.mcafee.com
Trend Micro is at http://www.antivirus.com
© 2001 Michael Bartlett, ComputerUser.com Inc