When the script is executed, it first creates three files to Windows temporary directory: "monopoly.jpg", "monopoly.whs" and "monopoly.vbe".
After these files has been created, the worm will show a message box with the following text:
Bill Gates is guilty of monopoly. Here is the proof.
When user selects "Ok" button from the message box, the worm shows a picture of Monopoly game boad with picture of Bill Gates.
Then VBS/Monopoly attempts to mass mail itself to each recipient defined in the Outlook address lists. This message looks like the following:
Bill Gates joke
Body: Bill Gates is guilty of monopoly. Here is the proof. :-)
Finally it collects the following system information:
- Date and time
- Windows registered user name, organization and version number
- Computer name
- DVD region code
- Country and area codes
- Internet Explorer language code
- Internet Explorer home page
- All entries from address books defined in Outlook
- All ICQ/UIN files
This information is sent to the following addesses:
When the worm has been executed, it creates a registry key
and sets the value of it to "True", so the worm will no be executed again in the same machine.