VBS/FriendlyMess is a worm similar to VBS/LoveLetter. More
information about VBS/LoveLetter is available at
http://www.F-Secure.com/v-descs/love.shtml
The e-mail message that this worm sends looks like this:
Subject: FRIEND MESSAGE
Body: A real friend send this message to you.
Attachment: FRIEND_MESSAGE.TXT.vbs
If the user executes the attachment, the worm copies itself to the
Windows System directory as "FRIEND_MESSAGE.TXT.vbs".
After that, it overwrites autoexec.bat so that the next time
the machine is rebooted it will try to delete all files from the
Windows directory, from the Windows System directory and from the
Temporary directory. This payload will not work in NT.
Then it shows a message box with the following text:
If you receive this message remember forever: A precious friend in
all the world like only you! So think that!
Then the worm starts Outlook application in order to send itself
via e-mail to all addresses in all address books. The worm adds a
marker in the registry for each address so that the e-mail message
is sent only once to each recipient.
[Analysis: Katrin Tocheva and Sami Rautiainen, F-Secure]
