Hello everyone, and whoa, it’s time for a new video. Today we’re taking a look at the Lentin e-mail worm, I actually have two variants here, as they do slightly different things. But, in the end they’re by the same author, and wind up doing mostly the same stuff. So, before we go ahead and look at this, I just wanna prove that programs do indeed work on this computer. (clicking) So we have AIM installed, as you can see it comes up normally and works. (more clicking) We can also run stuff like regedit…(typing) Ignore these, uh, the graphical problems, they started popping up whenever I resize the Virtual Machine window. (clicking) But, whatever, and Task Manager works, all the stuff works. So, first of all run this D variant, and this is the C variant, and this is D… (clicking) go ahead and run it… and this worm arrives in an email message pretending to be a screensaver, hence the .scr extension. And, appropriately enough, it acts like a screensaver. “I like U very much, True Love never ends” printed in different lines and angles across the screen, in different colors… And everytime it changes the message it shakes things up a little bit and shakes your desktop. And, like a real screensaver when you move your mouse it goes away…(clicking) Still got a little artifacting here but that’s alright. We run AIM, and we notice that this screensaver program runs with it, that’s kinda weird. (clicking) And unfortunately, we cannot see the emails it sends, as it doesn’t do it in a way a user can see it. (clicking) But, we notice this with any program we try to run. Explorer, we get this screensaver pop up. Notepad… They all run, but we still get this message that the program has crashed. However, the C variant is a little more insidious, we’ll go ahead and run this… And, it doesn’t appear to have done anything but now… (error sound) All of our programs no longer work! “aim.exe, The specified path does not exist.” What it does, it just doesn’t work, (error sound) the AIM installer doesn’t work, the other version of the worm of course still works, that’s good. Let’s see, if we rename this to “lentin.scr”, let’s see if we can change things a little bit… (typing) Maybe that will let it run? (typing) (Windows prompt sound) That should- Oh hey, it works! Okay, so I guess the way the worm blocks programs from running is that it prevents anything not named with a .scr extension from running, that’s kinda weird. It doesn’t seem to be actually launching though (error sounds) and we can’t get rid of it. But anyway, all of our other programs do not work. (error sound) Task Manager, regedit, Notepad… just all blocked. The worm sits in memory and doesn’t allow these programs to run. It also does this in Safe Mode which makes it pretty difficult to actually remove. (clicking) And finally this C variant drops a randomly named text file in the Windows directory, and in this case it has no name at all, let’s see… “Origin: India, Dedicated to: All the Stupid SW Prof’s that thinks they are the Masters…” “LOL, Still I am not a SW Prof… Anybody want my service?Sent a mail. Confident in MFC, W32API, C, VC++…” “TO AV’S: Who the hell named my Valentine worm to yaha? Stupid AVs, they don’t know what my worm is doing…lol lol lol lol lol lol.” Good message. There should be another one in here that’s randomly named… here we go, huodu. Same message, alright. I swear it was it was printing a different message before… There we go! “I like Klez, Sircam, But I hate the bullshit payloads. Is I am a good coder?? Still I have doubt huhh!!!” “Beware Indian Hackers… Tomarrow is ours!!!” So you better watch out, because he means business. And other than completely blocking your computer’s functionality, Lentin really doesn’t do much else. I’m sorry again that I can’t show you the emails, but they’re the standard kind of spammy, Engrishy emails you would expect to contain a virus or a worm, which in this case it does. And that’s really about it for the Lentin worm. Thank you for watching, and I will have some videos coming up in the near future discussing the future of this channel and what direction I wanna take it. In particular, I’m thinking about a new sort of series of videos focusing on user-made and submitted viruses and malware. Uh, if that’s something you wanna see, like leave me a comment or wait for those videos. There will be polls with them, and you can vote and stuff. It’ll be all fancy, but I just really want to determine where to go with this channel and what you guys want to see on this channel. Thank you for watching, that is about it for the Lentin worm, and take care.