This is a virus which works under Windows, and is using Microsoft Outlook to propagate. The worm is written in Visual Basic 6 and is packed with UPX
. Its size is about 9-10 Kbytes (packed) and unpacked is about 20 Kbytes.
The virus spreads by sending itself as an attached file in an email to every person in the Microsoft Outlook Address Book. However, the first variant does not work properly so the virus fails to attach to infected e-mails (that is why it is called Intended). This error is corrected in variant B.
The format of the infected emails is the same for each version:
Attachement: has no attached file.
The first two variants drops the file WinUpdate.Exe
in the StartUp directory so they will be executed at every Windows session. The virus will copy itself in the victim's computer only if the Windows is installed in directory C:\Windows
(default for 95/98/Me/XP).