Virus alert--my ex-wife's new job!

greenspun.com : LUSENET : Unk's Wild Wild West : One Thread

This came to me today from a reliable source. FWIW----

~~~~~~~~~~~~~~~~~~~

Virus Name: Naked Wife

Threat Level: HIGH

Virus Description:

Subject Line: "FW: Naked Wife.exe"

Message Text: "My wife never looked like that!;-"

Attachment: NakedWife.exe

Damage:

If attachment is selected, hostile code will resend itself to addresses in the client's Outlook address book.

The virus deletes the following extensions *.com, *.dll, *.exe, *.bmps.

User Action: DO NOT OPEN ANY E-MAIL ATTACHMENT CONTAINING ATTACHMENT! DELETE

From Symantec: http://service1.symantec.com/sarc/sarc.nsf/html/W32.Naked@mm.html

W32.Naked@mm

Discovered on: March 6, 2001

Last Updated on: March 6, 2001 at 12:15:01 PM PST

W32.Naked@mm is a mass-mailing worm that disguises itself as a Flash movie. The attachment will be named NakedWife.exe. This worm, after it has attempted to email everyone in the Microsoft Outlook address book, will attempt to delete several system files. This will leave the system unusable, requiring a re-install.

NOTE: This worm was previously detected as W32.HLLW.JibJab@mm.

Category: Trojan Horse, Worm

Virus Definitions: March 6, 2001

Payload:

Trigger: Every time the worm is executed

Payload: Deletes files: Attempts to delete several files from the Windows and Windows\System folders

Distribution:

Subject of email: Fw: Naked Wife

Name of attachment: NakedWife.exe

Size of attachment: 73,728 bytes

Technical description:

When first executed, W32.Naked@mm shows a window that appears to be loading a Flash movie. However, in the background, this worm attempts to send itself to everyone in the Microsoft Outlook address book. The message this worm sends out looks as follows:

Subject: Naked Wife

Body: > My wife never look like that! ;-)

Best Regards, [UserName]

*[UserName] will be replaced with the username that is used when registering Microsoft Outlook.

After the worm has attempted to mass-mail itself, it will attempt to delete files from the Windows and Windows\System folders. The worm will attempt to delete all files in the Windows and Windows\System folders that have any of the following extensions:

.ini

.log

.dll

.exe

.com

.bmp

If this payload is executed, the only way to get the system back to an operational state is to reinstall it.

SARC has also received several corrupted samples. The corrupted variant of this worm will be detected as W32.Naked.dam. The corrupted variant cannot cause any damage to the system. However, if found, it should be deleted.

Removal instructions:

Delete any file detected as W32.Naked@mm or W32.Naked.dam.

If the worm has been executed, it is very likely that the system has to be reinstalled.

-- Lars (larsguy@yahoo.com), March 07, 2001
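As an added example (not part of the original post or of Symantec's advisory), here is how a mail gateway could check a message against the indicators quoted above: the subject, the attachment name and the 73,728-byte size. It goes beyond the advisory by also flagging any attachment with a directly executable extension, since a name and size are easy to change. The extension list, function names and sample messages are assumptions made for the illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the advisory quoted in the post above.
SUBJECT_MARKER = "naked wife"
ATTACHMENT_NAME = "nakedwife.exe"
ATTACHMENT_SIZE = 73728  # bytes
# Assumption for this example: extensions the gateway treats as executable.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")


def scan_message(raw):
    """Return the reasons to quarantine a raw RFC 822 message ([] = none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_MARKER in str(msg.get("Subject", "")).lower():
        reasons.append("subject matches advisory")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        if name == ATTACHMENT_NAME:
            reasons.append("attachment name matches advisory")
            if len(payload) == ATTACHMENT_SIZE:
                reasons.append("attachment size matches advisory")
        elif name.endswith(EXECUTABLE_EXTS):
            # Generic rule: catches renamed copies and other executables.
            reasons.append("executable attachment: " + name)
    return reasons


def build_sample(subject, filename, size):
    """Constructed test message; the attachment is filler bytes, not malware."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for args in [("Fw: Naked Wife", "NakedWife.exe", 73728),
                 ("Holiday photos", "setup.EXE", 10),
                 ("Quarterly report", "report.pdf", 100)]:
        print(args[:2], "->", scan_message(build_sample(*args)))
```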

Answers

Lars:

Yeah, I'm on the list. Got a warning from Symantec yesterday.

I am led to believe that a lot of morons have my email address in their files. *<)))> When these things appear, I receive them. One, Was it the love virus?, gave me 22 copies.

Cheers,,,,

Z

-- Z1X4Y7 (Z1X4Y7@aol.com), March 07, 2001.


Love lime. Miss lime.

Z

-- Z1X4Y7 (Z1X4Y7@aol.com), March 07, 2001.


sublime

-- (nemesis@awol.com), March 07, 2001.
