Welcome to the Virus Encyclopedia of Panda Security.
Spybot.AKB carries out the following actions:
On the other hand, Spybot.AKB carries out other actions to reduce the security level of the computer:
Spybot.AKB creates the following files in the Windows system directory:
Spybot.AKB creates the following entries in the Windows Registry:
Spybot.AKB modifies the following entry from the Windows Registry so that the Windows error reporting error is not automatically run:
Spybot.AKB uses several means to spread itself in order to infect as many computers as possible.
Spybot.AKB spreads via email messages and P2P programs.
1.- Email messages
It reaches the computer in an email message that seems to be an invitation to Twitter sent by some friend. The message contains the Twitter logo and several links that point to the real Twitter website.
However, in order to accept the invitation or know who has sent it, the attached file has to be run. This file contains a copy of the worm, so if it is run, the computer will be affected by Spybot.AKB.
The email message used to distribute the worm is like the following:
If the attached file called INVITATION CARD.ZIP is decompressed, users will see that i contains a file that seems to be an image, as it has a JPG extension. However, after several blank spaces the EXE extensions can be seen:
2.- P2P programs
In order to do so, it follows the routine below:
Spybot.AKB is written in the programming language Visual C++ v5. This worm is 419,328 bytes in size.
Research carried out by Aitor Crespo.