WORM_PYKSE.A
Overview

Malware type: Worm

Aliases: IM-Worm.Win32.Pykse.a (Kaspersky), W32.Pykspa.A (Symantec), TR/Drop.Pic.A (Avira), Mal/Behav-103 (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, XP, 2000, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Medium

Infection Channel 1: Propagates via instant messaging applications


Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_PYKSE.A Behavior Diagram

Malware Overview

This memory-resident worm arrives on a system as a file downloaded from remote sites by other malware. It also arrives via Skype, an instant messaging application that uses the Voice over IP (VoIP) protocol.

It spreads by sending instant messages to an affected user's Skype contacts. The messages contain links which, when clicked, download a copy of this worm. Because the message appears to originate from a known sender, recipients may be tricked into thinking that the link is safe to click.

When executed, it displays an image file to trick users into thinking that the executed file is not malicious. Below is a screenshot of the said image file:

In addition, this worm connects to certain Web sites to download a file detected by Trend Micro as WORM_PYKSE.B. As a result, the routines of the downloaded worm are exhibited on the affected system.

It also connects to other Web sites. However, the said sites are inaccessible as of this writing.


Description created: Apr. 17, 2007 11:40:39 PM GMT -0800
