pátek 24. února 2012

Worm:Win32/Skopvel


Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Mar 24, 2011

Aliases
  • Backdoor.MSIL.Agent.bex (Kaspersky)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.332.0
Released: Feb 24, 2012
Detection initially created:
Definition: 1.95.1996.0
Released: Dec 17, 2010


 

Summary

Worm:Win32/Skopvel is a detection for a worm that spreads to removable drives.


 

Symptoms

Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.


 

Technical Information (Analysis)

Worm:Win32/Skopvel is a detection for a worm that spreads to removable drives.
Spreads via…
Removable drives
This worm copies itself to removable drives as a file named "svchosted.exe". It also places an autorun.inf file in the root directory of the targeted drive. Such autorun.inf files contain execution instructions for the operating system, so that when the removable drive is accessed from another computer supporting the Autorun feature, the malware is launched automatically.

Note: This worm was observed to write an executable and create an autorun.inf file on a targeted drive in our automated testing environment. This is particularly common malware behavior, generally utilized in order to spread malware from computer to computer.
 
It should also be noted that autorun.inf files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
 
Analysis by Chris Stubbs

Žádné komentáře:

Okomentovat

Poznámka: Komentáře mohou přidávat pouze členové tohoto blogu.