Cairuh.B - Worm for Windows by Bull Moose

Worm for Windows

Bull Moose
Author's comments

This is a Mass Mailer variant of Cairuh.A that I have implemented to mail itself to all contacts in Microsoft Windows Outlook. I have removed the functions that change the registry values in exefile and comfile, because it causes too much suspicion and it would counteract with the mass mailing function.

Its features are:

I decided to not directly send mail but instead use a VBS script as the middle man to do the work. The VBS script is dropped and decrypted and filled with REM statements between each line to avoid detection both runtime and scantime. Maybe next time I will create a Mass Mailer that uses a MX engine and it's own SMTP server.

