
Worm_locksky.y


curtis


WORM_LOCKSKY.Y is a memory-resident worm that propagates by sending a copy of itself as an attachment to email messages. It is currently spreading in-the-wild and infecting systems that run Windows NT, 2000, XP, and Server 2003.

 

The email that it sends has the following details:

 

Subject: Your mail Account is Suspended

Message body: We regret to inform you that your mail account has been suspended due to the violation of our site policy, more info is attached.

Attachment: acc_info{random number}.exe

 

It spoofs the From: field in an attempt to trick users into thinking that the spammed email is from a trusted source.

 

It bypasses an affected system's firewall thereby effectively lowering system security.

 

This worm checks for an updated copy of itself by connecting to a specific Web site, and if an update is available, downloads the update.

 

It also logs keystrokes and saves the gathered information.

 

Upon execution, it drops a copy of itself in the Windows folder, and also drops component files, and other copies of itself in the Windows system folder.

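As an added example (not part of the original post), the email indicators described above can be checked at a mail gateway or against a mailbox export. The function names, the constructed sample messages, and the reading of `{random number}` as one or more decimal digits are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the post: fixed subject line and attachment name.
# Assumption: "{random number}" means one or more decimal digits.
SUBJECT = "your mail account is suspended"
ATTACHMENT_RE = re.compile(r"^acc_info\d+\.exe$", re.IGNORECASE)


def locksky_indicators(raw_message: str) -> list[str]:
    """Return the indicators from the post that a raw email message matches.

    The From: header is deliberately ignored because the worm spoofs it.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded headers; normalise whitespace/case.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject == SUBJECT:
        hits.append("subject")
    # Walk every MIME part so nested attachments are also inspected.
    for part in msg.walk():
        name = (part.get_filename() or "").strip()
        if ATTACHMENT_RE.match(name):
            hits.append(f"attachment:{name}")
    return hits


def build_sample(subject: str, filename: str) -> str:
    """Build a constructed test message (not a real sample of the worm)."""
    m = EmailMessage()
    m["From"] = "support@example.com"   # constructed address
    m["To"] = "user@example.com"        # constructed address
    m["Subject"] = subject
    m.set_content("Constructed sample body.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, fname in [("Your mail Account is Suspended", "acc_info4821.exe"),
                        ("Quarterly report", "report.pdf")]:
        print(subj, fname, locksky_indicators(build_sample(subj, fname)))
```

A message that matches both indicators is a strong candidate for quarantine; a subject-only match is weaker and is better treated as a review signal.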

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...