Sophos

W32/Redesi-A

Aliases
  • Dark
  • Machine
  • DarkMachine
  • W32/Ucon

Summary

 
Included in our products from December 2001 (3.52)
Detected by All Sophos products

More Information

W32/Redesi-A is a Win32 worm that uses Microsoft Outlook to spread. The worm arrives in an email message whose subject is chosen at random from:

  • "Kev Gives great orgasms to ladeez!! -- Kev"
  • "hell is coming for u, u will be sucked into a bottomless pit!!! -- Gaz"
  • "Scientists have found traces of the HIV virus in cow's milk...here is the proof -- Will"
  • "Yay. I caught a fish -- Si"
  • "I don't want to write anything but Si is bullying me. -- Jim"
  • "I want to live in a wooden house -- Arwel"
  • "Michelle stil owes me £10 ... shit ! -- Si"
  • "Why have I only got cheese and onion crisps ? I hate them!! -- Si"
  • "A new type os Lager / Weed variant...... sorted !"
  • "My dad not caring about my exam results -- by Michelle"

The body of the message always contains the text "heh. I tell ya this is nuts ! You gotta check it out !".

The attached filename is one of the following: redo.exe, si.exe, common.exe, userconf.exe or disk.exe.

When the worm is run, it copies itself into C:\rede.exe, C:\si.exe, C:\userconf.exe, C:\common.exe and C:\disk.exe.

It then uses Outlook Express to send itself to all contacts found in the address book.

Finally, it displays the message box "<filename> is not a valid Win32 application."

W32/Redesi-A message box
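As an added example (not Sophos code), the Python check below flags a raw message when the fixed body text and one of the attachment names listed above occur together; it ignores the subject because that is chosen at random. The sample messages, addresses and helper names are constructed for illustration, and the attachment bytes are inert filler.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above.
BODY_MARKER = "heh. I tell ya this is nuts ! You gotta check it out !"
ATTACHMENT_NAMES = {"redo.exe", "si.exe", "common.exe", "userconf.exe", "disk.exe"}


def redesi_indicators(raw: bytes) -> list[str]:
    """Return the W32/Redesi-A indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and BODY_MARKER.lower() in body.get_content().lower():
        hits.append("body-text")
    for part in msg.iter_attachments():
        # Compare case-insensitively: mail clients do not preserve filename case.
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENT_NAMES:
            hits.append(f"attachment:{name}")
    return hits


def is_suspect(raw: bytes) -> bool:
    """Flag only when the fixed body text and a listed attachment name co-occur."""
    hits = redesi_indicators(raw)
    return "body-text" in hits and any(h.startswith("attachment:") for h in hits)


def _sample(subject: str, text: str, filename: str) -> bytes:
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content(text)
    m.add_attachment(b"not a real executable", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


SUSPECT = _sample("Yay. I caught a fish -- Si", BODY_MARKER, "Si.EXE")
BENIGN = _sample("Quarterly report", "Figures attached.", "report.pdf")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, redesi_indicators(raw), is_suspect(raw))
```

Requiring both indicators keeps a forwarded warning that merely quotes the body text from being flagged as the worm itself.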
