Email-Worm.Win32.Naked or Naked (also known as NakedWife) is a worm that spreads through email on the Microsoft Windows operating system (Win32).



Naked Fake Flash Player

Naked is an Internet worm spreading via e-mail by sending infected messages from infected computers. While spreading, the worm uses MS Outlook, and sends itself to all addresses that are stored in the MS Outlook Address Book. The worm itself is a Win32 application about 70K in length, written in VisualBasic.

When run (if a user clicks on an attached infected executable file), the worm sends its copies by e-mail, and performs the following destructive action: the worm deletes all .INI, .LOG, .DLL, .EXE, .COM, .BMP in Windows and Windows system directory.

The worm does not install itself into the system and does not touch system registry. This is "direct action" worm that performs its action only once being activated from infected message. The worm copies itself to Windows TEMP directory, but does not use that copy.

When run, the worm displays a fake window with a "Macromedia Flash Player" picture in it, and it displays the JibJab logo and a Loading message in an endless loop.

The menus in the window do not summon any action when they are selected, except the "Help" menu. Upon selecting it, the "About Macromedia Flash Player 5..." item appears, when that item is selected, the worm displays the message box:

You're are now F***ED! (C) 2001 by BGK (Bill Gates Killer)
[ OK ]

(Note: The text is not censored in the actual virus) The worm sends itself as an e-mail message with an attached EXE file that is the worm itself. The message consists of:

Subject: Fw: Naked Wife

My wife never look like that! ;-)
Best Regards,

Attached file name: NakedWife.exe

Note : [CurrentUser] is the name of the sender.

Being activated by a user (by double clicking on an attached file), the worm opens MS Outlook, gains access to the Address Book, obtains all addresses from there and sends messages with its attached copy to all of them. The message subject, body and attached file name are the same as above.


Community content is available under CC-BY-SA unless otherwise noted.