Vulnerable computer systems and applications:
Pykspa is a computer worm, a self-spreading malware. Unlike viruses, no user intervention is required for the worm to spread as it spreads through the certain vulnerabilities in computer systems and networks. The following activities can be executed:
- Connecting to a remote C&C server, which would permit remote access to the device;
- Blocking access to security and antivirus websites;
- Creating its backup copies in various computer directories;
- Launching a web server on the infected computer, which is used for further worm distribution;
- Stopping and disabling important system processes;
- Stealing personal information.
The worm spreads through external data carriers and Skype messages. Messages are sent to all contacts found on an infected computer. The malware changes system registry values and infects important system files, which allows it to continue to operate even after the computer is rebooted.
Recommendations in case of infection:
- Isolate the infected computer from the external network;
- Perform a system scan with anti-virus software;
- Use System Restore to restore modified registries and infected system files;
- Disable Autorun;
- Back up all your important data and reinstall your operating system if you notice signs of renewed worm activity;
- If there are many computers running on an inner network, disconnect them from the network and completely repeat the above steps.