Outbreak Name: Worm_Locksky.AB*
Outbreak Date: 1-07-06
IronPort's Virus Outbreak Filters Protect Customers from Locksky Outbreak Additional 2 Hours and 48 Minutes Protection
Background
IronPort's Virus Outbreak Filters protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the recent Locksky variant outbreak Outbreak Filters users were protected 2 hours and 48 minutes before an AV signature was available from any of the major AV vendors**. WORM_LOCKSKY.AB is a worm that that gathers email addresses from a user's Windows Address Book, as well as from files using the HTM extension name and sends copies of itself to these accounts. It spoofs the From field in order to trick the user into thinking that the email is from a legitimate source. The worm also logs keystrokes to record and steal confidential information.
Timeline
Outbreak Details & Timeline
| Date | January 7, 2006 |
| Name* | WORM_LOCKSKY.AB |
| 23:24 GMT | Virus detected, Threat Level raised and protection begins |
| 02:12 GMT - next day | First anti-virus signature published** |
Benefits
2 hours and 48 minutes of additional protection with Virus Outbreak Filters
* As named by Trend Micro.
** Calculated as first publicly published signature from any of the following vendors: Sophos, Trend Micro, Computer Associates, Kaspersky Labs, Symantec or McAfee. If signature time is not available, first publicly published alert time is used.
