In the wild:
Method of propagation:
• McAfee: W32/Loosky
• Kaspersky: Email-Worm.Win32.Locksky.bg
• F-Secure: Email-Worm.Win32.Locksky.bg
• Panda: W32/LockSky.DY.worm
• Grisoft: I-Worm/Locksky.CW
• Eset: Win32/Spabot.U
• Bitdefender: Win32.Locksky.BF
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Downloads a malicious file
• Uses its own Email engine
• Lowers security settings
• Registry modification
• Steals information
It copies itself to the following location:
It tries to download a file:
– The location is the following:
At the time of writing this file was not online for further investigation.
It tries to execute the following file:
using the following command line arguments: firewall set allowedprogram "
%malware execution directory%
The following registry key is added in order to run the process after reboot:
It contains an integrated SMTP engine to send emails and establishes a direct connection with the destination server. Its characteristics are described below:
The sender address is spoofed.
– Email addresses found in specific files on the system.
– Email addresses gathered from WAB (Windows Address Book)
The attachment is a copy of the malware itself.
It searches the following file for email addresses:
Address generation for FROM field:
To generate addresses it uses the following strings:
All of the following:
As a result it may send some information.
Sends information about:
• Created logfiles
• IP address
• Current malware status
• System time
It creates the following Mutex:
To hinder detection and reduce the size of the file, it is packed with the following runtime packer:
Description inserted by Monica Ghitun on Tuesday, November 6, 2007
Description updated by Andrei Gherman on Thursday, November 8, 2007