TrendLabs, Trend Micro's global research and support center has received samples of a new worm propagating via Skype. Detected as WORM_SKIPI.A. This worm may also downloaded unknowingly by a user when visiting malicious Web sites. It drops copies of itself in the Windows system folder. It also creates registry entries to enable its automatic execution at every system startup. It creates certain registry keys and an entry as part of its installation routine. It also propagates via physical and removable drives by dropping copies of itself in the said drives. It drops an AUTORUN.INF file to ensure the automatic execution of its dropped copies. This worm also modifies the system's HOSTS file to prevent users from accessing certain Web sites.
Aliases: Worm.Win32.Skipi.b (Kaspersky), W32/Pykse.worm.b (McAfee), W32.Pykspa.D (Symantec), Worm/Skipi.B (Avira), W32/Pykse-C (Sophos), Worm:Win32/Pykspa.A (Microsoft)
For additional information about this threat, see:
Solution
Technical Details
Statistics
[Via Trend Micro]
This worm sends messages via the instant messaging application Skype that contain links pointing to a remote copy of itself.
Newer Post
No comments:
Post a Comment