Classification

Category: Malware

Type: -

Aliases: BadAss, IWorm_Bad_Ass, I-Worm.BadAss

Summary


BadAss is a worm that spreads via the Microsoft Outlook email client. The worm file is a 24576-byte Windows EXE application written in Visual Basic. It seems to be based on the Melissa worm source code: the functions and the sequence of commands in the BadAss code are very close to those in the Melissa source code.

The worm spreads as a binary attachment to email messages that it sends from the infected system. The original attachment name is BADASS.EXE, but the EXE file can be renamed manually, and it will then spread under the new name.

When the worm file is run from an infected message attachment, the worm gets control and starts its main routine. This routine displays a message box and acts similarly to the Joke.Win.Stupid joke program. The text in the message box is not shown here as it is not suitable for all audiences.

After that, the worm runs its infection routine, which opens the Outlook database, gets email addresses from the Address Book and sends infected messages to all the addresses found. The subject of the infected messages contains the text 'Moguh..' and the message text is 'Dit is wel grappig! :-)' ('This is funny!' in Dutch).

The worm does not send messages twice from the same computer. To avoid duplicate spreading, the worm creates a special key in the Windows Registry.
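
The message indicators described above (subject text, body text, default attachment name, file size) can be checked on stored or in-transit mail. The following is an added example, not F-Secure's detection logic; the function names and the sample messages are constructed for illustration. Because the attachment can be renamed, it also flags any .exe attachment of the stated size, which is a weak heuristic on its own.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Indicators taken from the description above.
SUBJECT_MARKER = "Moguh.."
BODY_MARKER = "Dit is wel grappig! :-)"
DEFAULT_ATTACHMENT = "badass.exe"
WORM_SIZE = 24576  # bytes


def badass_indicators(raw: bytes) -> list:
    """Return the names of the BadAss indicators found in one raw message."""
    msg = message_from_bytes(raw)
    hits = []
    if SUBJECT_MARKER in str(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if name:
            if name == DEFAULT_ATTACHMENT:
                hits.append("attachment-name")
            # The file can be renamed, so also match on type and size.
            if (name.endswith(".exe") and payload[:2] == b"MZ"
                    and len(payload) == WORM_SIZE):
                hits.append("exe-size")
        elif part.get_content_type() == "text/plain":
            if BODY_MARKER in payload.decode("latin-1", "replace"):
                hits.append("body")
    return hits


def build_sample(filename: str) -> bytes:
    """Constructed test message: an inert 24576-byte 'MZ' blob, not the worm."""
    m = EmailMessage()
    m["Subject"] = "Moguh.."
    m.set_content("Dit is wel grappig! :-)")
    m.add_attachment(b"MZ" + b"\x00" * (WORM_SIZE - 2),
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(badass_indicators(build_sample("BADASS.EXE")))
    print(badass_indicators(build_sample("renamed.exe")))
```

A message that matches several indicators at once is a much stronger signal than any single hit.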

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
