Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


BadAss


Aliases:


BadAss
IWorm_Bad_Ass, I-Worm.BadAss

Malware

W32

Summary

BadAss is a worm that spreads itself via Microsoft Outlook e-mail client. The worm file is 24576 bytes long Windows EXE application written in Visual Basic. It seems to be based on Melissa worm source code - functions and sequence of commands in the BadAss code are very close to those in Melissa source code.

The worm spreads itself as a binary attachment to e-mail messages that it sends from infected system. The original attachment name is BADASS.EXE, but it is possible to rename the EXE file manually, and then it will spread itself with a new name.

When the worm file is run from infected message attachment, the worm gets control and starts its main routine. This routine displays message box and acts similar to Joke.Win.Stupid joke program. The text in the messagebox will not be shown here as it is not suitable for all audiences.

After that the worm runs its infection routine that opens the Outlook database, gets email addresses from AddressBook and sends infected messages to all the addresses found. The subject of infected messages contains the text 'Moguh..' and the message text is 'Dit is wel grappig! :-)' ('This is funny!' - in Dutch).

The worm does not send messages twice from the same computer. To avoid duplicate spreading the worm creates a special key in Windows Registry.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.







Technical Details: Eugene Kaspersky, AVP team



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.