IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

ADVISORY 01-002

"Naked Wife"
March 06, 2001

Based on pending investigations, the NIPC is evaluating an Internet worm by the name of "NakedWife.exe" that has been propagating in the wild. The NIPC considers this to be a medium threat due to its destructive payload and mass mailing capability. This worm arrives disguised as a Macromedia Director file and once run, brings up a video player with the words "Jib Jab" and "Loading" flashing in the window. The virus has a destructive payload that deletes primary system files in the WINDOWS and WINDOWS\SYSTEM folders, including selected .exe, .dll, .ini, .com, and .bmp files. Once the worm has deleted these files, the victim's operating system becomes inoperable.

Propagation and infection occurs when a victim clicks on the "NakedWife.exe" attachment of the infected e-mail. Once the worm has been activated, it sends itself out to individuals in the victim's address book. Users are advised to delete any e-mail messages with the "NakedWife.exe" attachment and visit their anti-virus software vendor web sites for an update. Additionally, system administrators are advised to consider blocking e-mails with "Naked Wife" in the subject line of incoming e-mails and attachments with "NakedWife.exe."

The anti-virus software industry is aware of this worm and has created a signature file to detect and remove it. Full descriptions and removal instructions can be found at various anti-virus software firms web sites, including the following:

· http://www.symantec.com
· http://www.nai.com (McAfee)
· http://www.antivirus.com (Trend Micro)
· http://www.fsecure.com
· http://www.sophos.com
· http://www.cai.com (Computer Associates)

As always, users are advised to keep their anti-virus software current by checking their vendor's web sites frequently for new updates, and to check for alerts put out by NIPC, CERT/CC, and other cognizant organizations.

Please report computer crime to your local FBI office or the NIPC, and to other appropriate authorities. Incidents may be reported online at www.nipc.gov/incident/cirr.htm.