Email-Worm.Win32.Pikachu or Pikachu is a worm that spreads through email.
Pikachu was the first worm aimed at children. It was sent in the form of an email, and named after the character existing in the Pokémon franchise. This worm spreads via the Internet using Microsoft Outlook and spreads in E-Mail letters with the attached file "PikachuPokemon.exe". The icon is a crudely drawn Pikachu. The worm itself is a Win32 .exe file written in Visual Basic 6.0, and the file size is about 32 KB. When the worm runs, first of all it overwrites the original C:\AUTOEXEC.BAT file with instructions that will delete all files in the Windows and Windows system directory. It displays a picture of Pikachu and some text:
Between millions of people around the world I found you. Don't forget to remember this day every time MY FRIEND!
It searches the address book of Microsoft Outlook and creates letters for e-mail addresses in the Outbox folder.
Subject: Pikachu Pokemon. Text: Great Friend! Pikachu from Pokemon Theme have some friendly words to say. Visit Pikachu at http://www.pikachu.com See you.
And to each letter, the worm attaches itself as the file PikachuPokemon.exe.
The worm was sent to everyone in that person's address book and it would add the following lines to AUTOEXEC.BAT, which is located in the root directory of the drive Windows 95/98/ME was installed on. (i.e. C:\autoexec.bat). These lines were as follows:
@echo off del C:\WINDOWS\*.* del C:\WINDOWS\SYSTEM\*.*
However, the worm was not well coded and Windows would prompt the user to confirm the action when the computer boots up, and users would more likely not want to delete these files. A user could also tell that it was unofficial due to the lack of proper grammar.
- The website featured (http://www.pikachu.com/) just redirects to Pikachu's entry on the Pokémon Pokédex site.