1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. FriendMess

FriendMess

Summary

VBS/FriendlyMess is a worm similar to VBS/LoveLetter. More information about VBS/LoveLetter is available at http://www.F-Secure.com/v-descs/love.shtml

VARIANT:FriendMess.A

Summary

The e-mail message that this worm sends looks like this: 

    Subject:    FRIEND MESSAGE
    Body:       A real friend send this message to you.
    Attachment: FRIEND_MESSAGE.TXT.vbs

If the user executes the attachment, the worm copies itself to the Windows System directory as "FRIEND_MESSAGE.TXT.vbs".

After that, it overwrites autoexec.bat so that the next time the machine is rebooted it will try to delete all files from the Windows directory, from the Windows System directory and from the Temporary directory. This payload will not work in NT.

Then it shows a message box with the following text: 



    If you receive this message remember forever: A precious friend in
    all the world like only you! So think that!

Then the worm starts Outlook application in order to send itself via e-mail to all addresses in all address books. The worm adds a marker in the registry for each address so that the e-mail message is sent only once to each recipient.

[Analysis: Katrin Tocheva and Sami Rautiainen, F-Secure]