4- It harvests e-mail addresses from files on the drives (C through Z) that have one of these extensions:
>
>
>.adb
>.asp
>.cgi
>.dbx
>.dhtm
>.doc
>.eml
>.htm
>.html
>.jsp
>.msg
>.oft
>.php
>.pl
>.rtf
>.sht
>.shtm
>.tbb
>.txt
>.uin
>.vbs
>.wab
>.wsh
>.xml
>
>
That is, it opens every file on your machine whose extension is one of those above and reads the file's content looking for an e-mail address; when it finds one, it stores it. Note the huge number of e-mail addresses it will collect, since it also opens the temporary Internet files, which often contain e-mail addresses.
5- Using its own SMTP engine, it sends messages carrying the virus to all the e-mail addresses it found in the previous step.
This is what I want to explain: the message that gets sent, which looks like this:
From: The message is sent to one of the e-mail addresses from the list it found, or a set of addresses from the worm itself.
Subject: The subject of the message varies, for example:
>Re: Encrypted Mail
>Re: Extended Mail
>Re: Status
>Re: Notify
>Re: SMTP Server
>Re: Mail Server
>Re: Delivery Server
>Re: Bad Request
>Re: Failure
>Re: Thank you for delivery
>Re: Test
>Re: Administration
>Re: Message Error
>Re: Error
>Re: Extended Mail System
>Re: Secure SMTP Message
>Re: Protected Mail Request
>Re: Protected Mail System
>Re: Protected Mail Delivery
>Re: Secure delivery
>Re: Delivery Protection
>Re: Mail Authentification
>Mail Delivery (failure <spoofed address> )
>Re: Hello
>Re: Request
>Re: Order
>Notice again
>Fwd: Warning again
>Re: List
>Re: Developement
>Re: Proof of concept
>Re: Error in document
>Re: Message
>Re: Sex pictures
>Re: Free porn
>Re: Virus Sample
>Re: Submit a Virus Sample
>Re: Old photos
>Re: Old times
>Re: Question
>Re: Sample
>Re: Its me
>Re: Hi
>Stolen document
>Private document
>Re: Your document
>Re: Approved document
>Try this game ;-)
Body: Various vague sentences that try to deceive the victim.
The message text sometimes reads:
>Important message, do not show this anyone!
>Your important document, correction is finished!
>The sample is attached!
>I hope you accept the result!
>Please answer quickly!
>Please confirm!
>Are you a spammer? (I found your email on a spammer website!?!)
>I have visited this website and I found you in the spammer list. Is that true?
>Here is my phone number.
>Here is my icq list.
>You have downloaded these illegal cracks?.
>Do not visit this illegal websites!
>Here is it!
>Try this, or nothing!
>Let'us be short: you have no experience in writing letters!!!
>I am shocked about your document!
>You cannot do that!
>Shocking document
>Thanks!
>Thank you for your request, your details are attached!
>Please answer quickly!
>Please confirm!
>You have written a very good text, excellent, good work!
>Your photo, uahhh.... , you are naked!
>Does it matter?
>Do you?
>Monthly news report.
>Your archive is attached.
>I cannot forget you!
>I love you!
>The sample is attached!
>I hope you accept the result!
>I have attached the sample.
>I have corrected your document.
>The file is protected with the password ghj001.
>I have attached your file. Your password is jkl44563.
>I cannot believe that.
>I found this document about you.
>I hope the patch works.
>Message has been sent as a binary attachment.
>Binary message is available.
>I have attached it to this mail.
>Can you confirm it?
>Is that your password?
>Protected message is attached.
>Encrypted message is available.
>Mail Authentication
>Protected Mail System
>ESMTP [Secure Mail System #334]: Secure message is attached.
>Partial message is available.
>Waiting for a Response. Please read the attachment.
>First part of the secure mail is available.
>For more details see the attachment.
>For further details see the attachment.
>Your requested mail has been attached.
>Protected Mail System Test.
>Secure Mail System Beta Test.
>Forwarded message is available.
>Delivered message is attached.
>Encrypted message is available.
>Please read the attachment to get the message.
>Follow the instructions to read the message.
>Please authenticate the secure message.
>Protected message is attached.
>Waiting for authentification.
>Protected message is available.
>Bad Gateway: The message has been attached.
>SMTP: Please confirm the attached message.
>You got a new message.
>Now a new message is available.
>New message is available.
>You have received an extended message. Please read the instructions.
>Your details.
>Your document.
>I have received your document. The corrected document is attached.
>I have attached your document.
>Your document is attached to this mail.
>Authentication required.
>Requested file.
>See the file.
>Please read the important document.
>Please confirm the document.
>Your file is attached.
>Please read the document.
>Your document is attached.
>Please read the attached file!
>Please see the attached file for details.
>read it immediately
>The file is protected with the password ghj001.
>I have attached your file. Your password is jkl44563.
Or like this:
>
>+++ Attachment: No Virus found
>+++ MessageLabs AntiVirus - www.messagelabs.com
>
>
>+++ Attachment: No Virus found
>+++ Bitdefender AntiVirus - www.bitdefender.com
>
>
>+++ Attachment: No Virus found
>+++ MC-Afee AntiVirus - www.mcafee.com
>
>
>+++ Attachment: No Virus found
>+++ Kaspersky AntiVirus - www.kaspersky.com
>
>
>+++ Attachment: No Virus found
>+++ Panda AntiVirus - www.pandasoftware.com
>
>
>++++ Attachment: No Virus found
>++++ Norman AntiVirus - www.norman.com
>
>
>++++ Attachment: No Virus found
>++++ F-Secure AntiVirus - www.f-secure.com
>
>
>++++ Attachment: No Virus found
>++++ Norton AntiVirus - www.symantec.de
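
The traits listed above (a forged "No Virus found" scanner footer, a password handed over in the body next to an attachment, a reply-style subject) can be turned into a simple mail-gateway score. This is an added example, not part of the original post; the weights, the `RISKY_EXT` list, the threading-header check and the sample messages are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Forged footer quoted above: "+++ Attachment: No Virus found" / "+++ <vendor> AntiVirus -"
FAKE_FOOTER = re.compile(
    r"^\+{3,4} Attachment: No Virus found[ \t\r]*\n\+{3,4} [\w .-]{1,40}AntiVirus -", re.M)
# Body lines quoted above that hand over a password for the attached file.
PASSWORD_LURE = re.compile(r"\bpassword (?:is )?\w+\.", re.I)
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".zip")  # assumption, not from the page

def score_message(raw):
    """Return (score, reasons) for one RFC 822 message given as text."""
    msg = message_from_string(raw)
    body, attachments = [], []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename().lower())
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode("utf-8", "replace"))
    text = "\n".join(body)
    checks = [  # (weight, reason, matched) - weights are illustrative
        (3, "forged 'No Virus found' scanner footer", bool(FAKE_FOOTER.search(text))),
        (2, "password for attachment given in body",
         bool(attachments) and bool(PASSWORD_LURE.search(text))),
        (1, "risky attachment type", any(a.endswith(RISKY_EXT) for a in attachments)),
        # Genuine replies normally carry In-Reply-To or References headers.
        (1, "reply-style subject without threading headers",
         msg.get("Subject", "").lower().startswith(("re:", "fwd:"))
         and not (msg.get("In-Reply-To") or msg.get("References"))),
    ]
    hits = [(w, why) for w, why, hit in checks if hit]
    return sum(w for w, _ in hits), [why for _, why in hits]

def build(subject, body, attachment=None, in_reply_to=None):
    """Construct a sample message (test data, not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    if in_reply_to:
        m["In-Reply-To"] = in_reply_to
    m.set_content(body)
    if attachment:  # four placeholder bytes stand in for the attached file
        m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename=attachment)
    return m.as_string()

LURE = build("Re: Protected Mail System", "The file is protected with the password ghj001.\n\n"
             "+++ Attachment: No Virus found\n+++ Norton AntiVirus - www.symantec.de\n", "message.zip")
BENIGN = build("Re: Status", "Thanks, see you Monday.\n", in_reply_to="<1@example.com>")
```

`score_message(LURE)` trips all four checks, while the constructed genuine reply in `BENIGN` scores zero; a gateway would quarantine above a threshold tuned on its own traffic.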