Welcome to BrightSite by bright.net Internet Services
bright.net Anti-Virus Page
Navigation
Recent Entries
¤ "Fake Antivirus" - Removal Tool Now Available
¤ Scheduled Maintenance - Scam Message
¤ XP Antivirus 2008 - Trojan
¤ MSNBC Spam
¤ CNN Scam Mail
¤ View All
¤ Scheduled Maintenance - Scam Message
¤ XP Antivirus 2008 - Trojan
¤ MSNBC Spam
¤ CNN Scam Mail
¤ View All
Links
Antivirus Programs
¤ Avast Antivirus
¤ AVG - Free Anti-Virus
¤ Avira AntiVir
Information
¤ Syamantec Virus Info
¤ Unwantedlinks.com
¤ Virus Encyclopedia
¤ Virus Hoax
Misc/Patches
¤ Mozilla Firefox (Browser)
¤ Sasser Patch - 2000/XP
¤ Zobot Patch
Removal Tools
¤ Avast! Removal Tool
¤ Beagel Removal
¤ Mytob Removal Tool
¤ Netsky Fix Tool
¤ Sasser Removal Tool
¤ Sober (Choose version)
¤ Sober.C Removal (NEW)
¤ Sober.X Removal
¤ Stinger - Virus Removal Tool
¤ Virus Removal Tool List
¤ Virus Utilities
¤ Zobot Removal Tool
Spyware Removal
¤ Ad-Aware
¤ CW Shredder
¤ Hijackthis
¤ Malwarebytes
¤ SpyBot - Search & Destroy
¤ Windows Defender
¤ Avast Antivirus
¤ AVG - Free Anti-Virus
¤ Avira AntiVir
Information
¤ Syamantec Virus Info
¤ Unwantedlinks.com
¤ Virus Encyclopedia
¤ Virus Hoax
Misc/Patches
¤ Mozilla Firefox (Browser)
¤ Sasser Patch - 2000/XP
¤ Zobot Patch
Removal Tools
¤ Avast! Removal Tool
¤ Beagel Removal
¤ Mytob Removal Tool
¤ Netsky Fix Tool
¤ Sasser Removal Tool
¤ Sober (Choose version)
¤ Sober.C Removal (NEW)
¤ Sober.X Removal
¤ Stinger - Virus Removal Tool
¤ Virus Removal Tool List
¤ Virus Utilities
¤ Zobot Removal Tool
Spyware Removal
¤ Ad-Aware
¤ CW Shredder
¤ Hijackthis
¤ Malwarebytes
¤ SpyBot - Search & Destroy
¤ Windows Defender
Virus News
WORM_LOCKSKY.Y
WORM_LOCKSKY.Y is a memory-resident worm that propagates by sending a copy of itself as an attachment to email messages. It is currently spreading in-the-wild and infecting systems that run Windows NT, 2000, XP, and Server 2003.
The email that it sends has the following details:
Subject: Your mail Account is Suspended
Message body: We regret to inform you that your mail account has been suspended due to the violation of our site policy, more info is attached.
Attachment: acc_info{random number}.exe
It spoofs the From: field in an attempt to trick users into thinking that the spammed email is from a trusted source.
It bypasses an affected system's firewall thereby effectively lowering system security.
This worm checks for an updated copy of itself by connecting to a specific Web site, and if an updates is available, downloads the update.
It also logs keystrokes and saves the gathered information.
Upon execution, it drops a copy of itself in the Windows folder, and also drops component files, and other copies of itself in the Windows system folder.
The email that it sends has the following details:
Subject: Your mail Account is Suspended
Message body: We regret to inform you that your mail account has been suspended due to the violation of our site policy, more info is attached.
Attachment: acc_info{random number}.exe
It spoofs the From: field in an attempt to trick users into thinking that the spammed email is from a trusted source.
It bypasses an affected system's firewall thereby effectively lowering system security.
This worm checks for an updated copy of itself by connecting to a specific Web site, and if an updates is available, downloads the update.
It also logs keystrokes and saves the gathered information.
Upon execution, it drops a copy of itself in the Windows folder, and also drops component files, and other copies of itself in the Windows system folder.
January 31st, 2006
bright.net does not support nor endorse these programs but have found some of them helpful. Many of the programs and links found on this page are for third-party applications and are to be used at your own risk. Should you encounter problems with the tools, you may need to consult a computer technician for further assistance.