Trend Micro Virus Alert: WORM_LOCKSKY.Y

WORM_LOCKSKY.Y is a memory-resident worm that propagates by sending a copy of itself as an attachment to email messages. It is currently spreading in-the-wild and infecting systems that run Windows NT, 2000, XP, and Server 2003.

The email that it sends has the following details:

Subject: Your mail Account is Suspended
Message body: We regret to inform you that your mail account has been suspended due
to the violation of our site policy, more info is attached.
Attachment: acc_info{random number}.exe

It spoofs the From: field in an attempt to trick users into thinking that the spammed email is from a trusted source.

It bypasses an affected system's firewall thereby effectively lowering system security.

This worm checks for an updated copy of itself by connecting to a specific Web site, and if an updates is available, downloads the update.

It also logs keystrokes and saves the gathered information.

Upon execution, it drops a copy of itself in the Windows folder, and also drops component files, and other copies of itself in the Windows system folder.

If you would like to scan your computer for WORM_LOCKSKY.Y or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/