Stages Worm
Aliases: LifeStages, I-Worm.Scrapworm, IRC/Stages.worm

According to reports from F-Secure, Stages exhibits the following characteristics:

Type: Internet Worm
Systems Affected: Windows 32-bit systems
Payload: F-Secure states that "the worm modifies the association of ".REG" files to point to the copy of "REGEDIT.EXE" that it has created to the Recycled directory as "RECYCLED.VXD". The original "REGEDIT.EXE" is deleted from the Windows directory." Additionally, "it changes Windows configuration in such a way that the extension of ".TXT" files is always displayed - regardless of the Windows Explorer configuration".
ITW: Yes
Origin:
Description: Stages is a VBScript worm that sends itself to addresses in an infected user's address book with one of the following subject lines: "Life Stages", "Funny", or "Jokes". The email carries an infected attachment named "LIFE_STAGES.TXT.SHS". If the attachment is opened, the following text will be displayed:

    - The male stages of life:

    Age. Seduction lines.
    17   My parents are away for the weekend.
    25   My girlfriend is away for the weekend.
    35   My fiancee is away for the weekend.
    48   My wife is away for the weekend.
    66   My second wife is dead.

    Age. Favorite sport.
    17   Sex.
    25   Sex.
    35   Sex.
    48   Sex.
    66   Napping.

    Age. Definiton of a successful date.
    17   Tongue.
    25   Breakfast.
    35   She didn't set back my therapy.
    48   I didn't have to meet her kids.
    66   Got home alive.

    - The female stages of life:

    Age. Favourite fantasy.
    17   Tall, dark and hansome.
    25   Tall, dark and hansome with money.
    35   Tall, dark and hansome with money and a brain.
    48   A man with hair.
    66   A man.

    Age. Ideal date.
    17   He offers to pay.
    25   He pays.
    35   He cooks breakfast next morning.
    48   He cooks breakfast next morning for the kids.
    66   He can chew his breakfast.