TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SKIPI.A
Overview
Solution

Malware type: Worm

Aliases: Worm.Win32.Skipi.c (Kaspersky), W32/Pykse.worm.b (McAfee), W32.Pykspa.D (Symantec), Worm/Skipi.C (Avira), W32/Pykse-D (Sophos),

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 Medium

Infection Channel 1 : Propagates via instant messaging applications

Infection Channel 2 : Propagates via removable drives

Infection Channel 3 : Copies itself in all available physical drives

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

WORM_SKIPI.A Behavior Diagram

Malware Overview

This worm may be downloaded unknowingly by a user when visiting malicious Web sites. It may also arrive via Instant Messaging (IM) applications.

It drops copies of itself in the Windows system folder. It also creates registry entries to enable its automatic execution at every system startup. It creates certain registry keys and an entry as part of its installation routine.

This worm sends messages via the instant messaging application Skype that contain links pointing to a remote copy of itself.

It also propagates via physical and removable drives by dropping copies of itself in the said drives. It drops an AUTORUN.INF file to ensure the automatic execution of its dropped copies.

This worm also modifies the system's HOSTS file to prevent users from accessing certain Web sites.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 10, 2007 4:53:54 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.