Badass



Email.Worm.Win32.Badass, or Badass, is an email worm that runs on Win32 operating systems.

Behavior

Badass is a virus-worm that spreads via the Internet using Microsoft Outlook. The worm itself is a Windows .exe file about 25KB in length, written in VBS. It seems to be based on the "Melissa" macro-virus worm: the functions and sequence of instructions in the worm code are very similar to the "Melissa" source code, and it seems that this worm was compiled from a slightly modified "Melissa" source.

The worm is transferred via the net in e-mail messages with an infected attachment. The original attachment is named BADASS.exe, but the .exe file can be renamed manually, and it will then spread under the new name. When an infected message is received and the attached .exe file is executed, the worm gains control and starts its main routine. This routine displays message boxes, then runs the infection routine, which opens the Outlook database, obtains e-mail addresses from the Address Book and sends infected messages to the addresses found. The subject of the infected messages contains "Moguh.." and the message body is "Dit is wel grappig! :-)" in Dutch.
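The message indicators described above (subject, body text, an .exe attachment that may have been renamed) can be checked against stored mail. The following is an added example, not code from this wiki or from the worm; the function names `build_sample` and `score_message` are hypothetical, and the sample messages are constructed with an inert placeholder attachment.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the description above.
SUBJECT_MARKER = "Moguh.."
BODY_MARKER = "Dit is wel grappig! :-)"
ORIGINAL_ATTACHMENT = "badass.exe"  # compared case-insensitively


def build_sample(subject, body, filename=None):
    """Build a constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"inert placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


def score_message(raw):
    """Return which of the described indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    hits = {
        "subject": SUBJECT_MARKER in subject,
        "body": BODY_MARKER in body,
        "exe_attachment": any(n.endswith(".exe") for n in names),
        "original_name": ORIGINAL_ATTACHMENT in names,
    }
    # The attachment can be renamed, so the verdict relies on the text
    # markers plus any .exe attachment rather than on the BADASS.exe name.
    hits["suspect"] = (hits["subject"] and hits["body"]
                       and hits["exe_attachment"])
    return hits


if __name__ == "__main__":
    for name in ("BADASS.exe", "funny.exe", None):
        print(name, score_message(build_sample(SUBJECT_MARKER, BODY_MARKER, name)))
```

The `original_name` field is reported separately so that a renamed copy is still flagged while the original file name remains visible as a stronger match.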



The worm does not send messages twice from the same computer. To avoid duplicate spreading, the worm creates a system registry key, and checks it upon each start:

HKCU\SoftWare\VB and VBA Program Settings\Windows\CurrentVersion

"CMCTL32"="00 00 00 01"

[Adult only--------------------------------------------------]

The first message box displayed by the worm appears as follows:

Kernel32

An error has occured probably because your cunt smells 
bad. Is this really so?
[ Yes ]   [ No ]

When the mouse cursor moves onto the [No] button, the worm moves this button to another place, to the left of [Yes], and returns it when the mouse cursor moves near the button again, and so on until [Yes] is clicked:

[ Yes ]   [ No ]

[ No ]   [ Yes ]

[ Yes ]   [ No ]

So the worm does not allow one to click the [No] button. When the [Yes] button is pressed, the worm displays another message and runs its infection routine:

WIN32

Contact your local supermarket for toiletpaper and soap to solve this problem.

[ OK ]
