The Pikachu virus, also referred to as Pokey or the Pokémon virus, was a computer worm believed to be the first malware geared at children, due to its incorporation of Pikachu, the mascot species of the Pokémon media franchise. It was considered similar to the Love Bug, albeit slower in its spread and less dangerous.
The worm was first detected in June 2000, and mainly spread in the form of an email titled "Pikachu Pokemon" [sic]. The body of the email contained an attached executable file, "PikachuPokemon.exe", which installed a worm that attempted to delete two critical directories of the user's Microsoft Windowsoperating system. This would cause their computer to malfunction. However, an unintended prompt would be given, asking users if they wanted to delete the folders in question; this made the worm less effective than it could have been.
Computer viruses infect a computer and damage it, and are spread when users sent them from one PC to another, whereas computer worms spread on their own.[2] Despite this distinction, the worm which incorporated Pikachu was known as the "Pikachu virus"[6] or "Pokémon virus".[3] It was also known as "Pokey".[2] It started spreading in the United States in late June 2000, and was detected then.[2][3][5] The worm was in the form of an email titled "Pikachu Pokemon" [sic].[4] Different sources state that the email read either "Pikachu is your friend",[2][5] or "Great Friend! Pikachu from Pokemon Theme have some friendly words to say. Visit Pikachu at http://www.pikachu.com. See you."[3]
Description
The email had an attached executable file, "PikachuPokemon.exe", which contained the worm-program.[7][8] Opening the executable showed users an animated image of Pikachu bouncing, along with the message: "Between millions of people around the world i found you. Don’t forget to remember this day every time MY FRIEND!"[3][8] Meanwhile,PikachuPokemon.exeadded the lines "del C:\WINDOWS" and "del C:\WINDOWS\system32" to the file "autoexec.bat". These commands would be executed at the next boot (the next time computer is turned on[3]), in an attempt to delete two critical directories of the Microsoft Windowsoperating system.[9] This would cause the operating system to malfunction.[5] However, users would be given a yes/no prompt asking whether or not they wanted to delete those folders, since the author did not write the added lines as “del C:\WINDOWS\*.* /y” and “del C:\WINDOWS\SYSTEM\*.* /y” (the /y switches would have automatically chosen the yes option).[5][10] This defect was the reason that the worm did not cause more damage to computers.[5]
Spread
If the user who received the virus used Microsoft Outlook, the email would send itself to all the contacts in their Outlook address book.[2][3] This made the virus similar to the Love Bug, which spread in May.[2][11] However, the Pikachu virus was considered far less dangerous, and slower in its dissemination.[3][11] Anti virus companies said there had not been previous viruses or worms directed at children, and the Pikachu virus exploited the fact that children "tend to be less careful about security than their parents".[2][3] On August 24, anti-virus company Trend Micro said they had only received ten reports of the virus, and that nobody had opened it yet.[2][5] However, on August 25, it was reported to be widespread in the United States, but was also present in Europe and Japan.[3]
A consultant for the anti-virus company Sophos said that anyone who had up-to-date security software was unlikely to be affected by it.[3] Trend Micro recommended that users delete the email without opening it. Symantec (another anti-virus company), Trend Micro, and Sophos said that the slow spread of the email gave them time to update their products to include a defense against the worm. These products were available by August 25.[2]
^"Pikachu: Threat Description". Virus and threat descriptions. F-Secure Corporation. Archived from the original on 4 August 2016. Retrieved 13 April 2017.