BadAss is a worm that spreads itself via Microsoft Outlook e-mail client. The worm file is 24576 bytes long Windows EXE application written in Visual Basic. It seems to be based on Melissa worm source code - functions and sequence of commands in the BadAss code are very close to those in Melissa source code.
The worm spreads itself as a binary attachment to e-mail messages that it sends from infected system. The original attachment name is BADASS.EXE, but it is possible to rename the EXE file manually, and then it will spread itself with a new name.
When the worm file is run from infected message attachment, the worm gets control and starts its main routine. This routine displays message box and acts similar to Joke.Win.Stupid joke program. The text in the messagebox will not be shown here as it is not suitable for all audiences.
After that the worm runs its infection routine that opens the Outlook database, gets email addresses from AddressBook and sends infected messages to all the addresses found. The subject of infected messages contains the text 'Moguh..' and the message text is 'Dit is wel grappig! :-)' ('This is funny!' - in Dutch).
The worm does not send messages twice from the same computer. To avoid duplicate spreading the worm creates a special key in Windows Registry.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
Technical Details:Eugene Kaspersky, AVP team