Description:
This worm arrives as an attachment to an email message. It gathers target email addresses from found .HTM files in the personal folder and the Windows address book (.WAB) file. Users who receive the malicious email may think that it comes from a known source. Thus, they confidently run the attachment.
The email message that this worm sends out has the following details:
Subject: Skylook for Skype
Message Body:
Hello, You asked me to send you Skylook - here it is:
With Skylook, you can get 1 hour of world-wide calls FREE!
Skype? Voice Calls (as MP3), Instant Messages, Email, Appointments, Contacts all organized and under control in Microsoft? Outlook?!
Halloween Special!
Try it before October 31 and receive 1 hour of free world-wide calls (SkypeOut). Also You`ll get 40% off a business license or 30% off a home license.
Use Skylook 1.0 to record Skype? VoIP Calls to MP3!
Skylook attache
Attachment: skylook_1.exe
Upon execution, this worm drops several files on an affected system that are detected by Trend Micro as the following:
The said malware further enhance the functionalities of this worm, allowing it to steal user names and passwords, log keystrokes, and execute commands from a remote user. It also bypasses the firewall settings of the affected system by running a certain command.
In addition, this worm downloads updates of itself at ten minute intervals, from a specific Web site. This action ensures that the affected system always has the latest worm version installed.
For additional information about this threat, see:
Solution
Technical Details
Description created: Oct. 24, 2005 12:35:25 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
