

Posted: January 30, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 37
First Seen: January 30, 2013
OS(es) Affected: Windows

Kepsy is a worm that is usually installed as a component of Bublik and other multiple-component PC threats. Kepsy is just a small tool in a large toolkit of software that's devoted to attacking your PC, and its main duty is to assist with Bublik's distribution by spamming instant messenger communications with links to Bublik. Kepsy also may interfere with other features of Skype to avoid detection. SpywareRemove.com malware researchers recommend that you avoid any contact with a Kepsy-infected PC, which usually will be infected by Bublik and, potentially, other types of malware with self-distribution features. However, professional anti-malware applications should be able to delete Kepsy and Bublik entirely if given the opportunity to do so.

Kepsy: the Helping Hand to a Security Hazard

Rather than being an independently functioning malware program, Kepsy is usually installed as just one part of a larger infection, which, in current analyses, inevitably is the fellow worm Bublik. Current versions of Kepsy limit their attacks to two major functions, only one of which is even targeted at the PC that Kepsy infects. SpywareRemove.com malware experts outlined these attacks as follows:

  • Kepsy will send Skype-based instant messaging spam to harvested account names. This spam is used to distribute Bublik, a related worm that includes major downloading and backdoor-related features that form the bulk of any Kepsy-Bublik combination infection. A typical spam message from Kepsy will disguise the installer link to Bublik as a harmless file, such as a picture.
  • To cover its tracks from the above operation, Kepsy also erases the PC user's Skype history. This prevents the PC user from becoming aware of Kepsy's exploitation of Skype to distribute Bublik.

What It Comes Down to When You Let Kepsy Do As It Wilt with Your Instant Messenger

While Kepsy may cause some minor system instability issues by using your PC's RAM and other resources to distribute spam messages, SpywareRemove.com malware researchers warn that Kepsy doesn't have any highly visible symptoms that would tip victims off to its presence. Likewise, its fellow worm, Bublik, also avoids displaying signs of its attacks – even while Bublik compromises your PC's security and as good as gives total control of your PC to a criminally-operated server.

Since Kepsy is usually related to Bublik infections, SpywareRemove.com malware researchers strongly urge you to use anti-malware software with extensive scanning features to detect Kepsy and related PC threats. Deleting Kepsy also requires that you delete, at the very least, Bublik. Until this is accomplished, you should prevent other PCs from accessing your computer's network-shared folders or sharing removable devices (USB drives, etc.). In addition to the previously mentioned Skype spam, either of these routes can be used as Bublik infection vectors.

Technical Details

Additional Information

The following URLs were detected: