A worm that has been spreading through Skype has been identified as Ramex.a by Skype and Pyskpa.d by Symantec.  It spreads in a familiar way, by sending out messages to the contacts list of an infected system.  The messages contain a link, which appears to be to a .jpg but is actually to download a .scr file.

Like a number of other malicious programs, Ramex corrupts the Explorer.exe process by injecting it with malicious code and causing it to run wndrivsd32.exe which is the actual malware.  By altering your Windows hosts file, it will prevent you from receiving security updates.  Removing Ramex is a complicated process, as it involves making changes to your registry.  If attempting to edit your registry make sure you make backups.  If your registry is backed up, not much more can go wrong.

Source: Computerworld, Biosmagazine (Image)

Related Videos

Sponsors