Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Skudex.A@mm

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published 15 Nov 2001 03:00:00
Description created 16 Nov 2001 02:39:00
Description updated 16 Nov 2001 02:39:00
Malware type WORM
Alias I-Worm.Skudex
Spreading mechanism EMAIL
Summary None

W32/Skudex.A@mm

Spreading

The worm arrives as a mail message seeming to come from Panda@PandaSoft.com, but of course neither Pandasoft (which is a French software company) nor Panda Software (which is a Spanish antivirus company) has anything to to with it.

When executed this worm will first copy itself to the Windows directory under the name GXSMTP.EXE.

It then sets the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run to point to itself, so that it is run during startup.

The worm will now run in the background, check if it is connected to the Internet, and send itself to entries in the Windows address book.

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12