F-Secure Virus Descriptions : Pikachu
The hyped-up 'Pokey' virus doesn't seem to be widespread.
Pikachu is an Internet worm that spreads itself as an executable
file attachment using Microsoft Outlook. The worm was written in
Visual Basic 6 and it requires VB6 libraries to be present in a
system to run. The worm usually arrives in an e-mail message that
looks like that:
Subject: Pikachu Pokemon
Body:
Great Friend!
Pikachu from Pokemon Theme have some friendly words to say.
Visit Pikachu at http://www.pikachu.com
See you.
The worm is attached to this message as the PIKACHUPOKEMON.EXE
file. The file has an icon resembling Pikachu character.
When a user clicks on the attachment, the worm is activated. It
shows a dialog with Pikachu image and the following text:
Between millions of people around the world i found you.
Don't forget to remember this day every time MY FRIEND!
Visit us at http://www.pikachu.com
The dialog that the worm shows upon activation looks like that:
Then the worm accesses Outlook address book and sends messages
with its body attached to everyone in this address book.
The worm has a dangerous payload. It adds several commands to
AUTOEXEC.BAT file that will delete \Windows\ and \Windows\System\
folders when a system is restarted. A system asks confirmation to
delete files, so if a user doesn't press 'Y', his files are not
deleted.
[Analysis: Alexey Podrezov, F-Secure, August 2000]
|
