1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Worm MofkSys A Activity

HTTP Worm MofkSys A Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the traffic generated by W32.Mofksys.A caused by users being infected by traffic generated by the worm.

Additional Information

This worm may:

* Record keystrokes
* Update itself
* Send an email
* Download files
* Execute commands

Once installed, W32.Gosys created many files in main Windows OS
directories. It also creates/modifies certain registry entries so that it executes whenever Windows starts. This worm usually can't be completely manually removed.

More details about the worm can be read at the link below -
http://www.symantec.com/security_response/writeup.jsp?docid=2009-111112-3448-99

Affected

  • All Microsoft Windows.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube