| Name: | Blebla |
| Aliases: | W32.Blebla.Worm, Romeo and Juliet, W32/Verona, Troj Blebla.A ,Verona, I-Worm.Blebla, CHM_BLEBLA.A, StealthBombII, W32/BleBla@MM ,W32.Shakespeare, Shakespeare, |
| Ports: | |
| Files: | Myromeo.exe - 29,184 bytes Myjuliet.chm - Hh.exe - Sysrnj.exe - |
| Created: | Nov 2000 |
| Requires: | |
| Actions: | Worm / Mail trojan / Destructive trojan |
| Always arrives with two attachements. Tries to send mails to all addresses in Outlook through one of several ISPs in Poland. Some of the code is packed with UPX. When the mail is viewed the attachements are automatically saved and a script in the mail is run to view the .chm file, which in turn executes the attached .exe file. En second version of Blebla overwrites datafiles with 21 different file extensions. This version uses 18 pre-defined SMTP servers to spread itself. | |
| Versions: | A, B, |
| Registers: | HKEY_CURRENT_USERS\Software\Microsoft\Internet AccountManager\00000001\SMTP Email Address\ |
| Notes: | Works on Windows 95, 98, NT and 2000, together with MS Outlook orOutlook Express. |
| Country: | written in Poland |
| Program: | Written in Borland Delphi. |