Worm.P2P.Palevo.B Hiding in Your Recycle Bin – Weekly Malware Review
/* Style Definitions */
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-fareast-font-family:”Times New Roman”;
mso-bidi-font-family:”Times New Roman”;
One of the first symptoms of
infection is increased network activity on UDP ports originating from
explorer.exe and the presence of a hidden file called sysdate.exe inside the
“%systemdrive%RECYCLERS-1-5-21-[random groups of digits]” folder.
The worm has been designed in a
manner to allow it to spread via multiple channels. It can add its code to the
list of P2P shares on popular file-sharing applications such as Ares,
BearShare, iMesh, Shareza, Kazaa, DC++, eMule and LimeWire, but it would also
infect any removable USB device plugged into an already-infected machine or
even network drives mapped locally.
Worm.P2P.Palevo.B is also able to
send links to infected websites if it detects the presence of MSN Messenger on
the compromised system, thus luring unwary contacts into installing the worm
from a remote location.
The worm does not limit its
destructive habits to infecting other hosts and leaving the user with a barely
usable system because of its increased activity. It is also able to intercept
passwords and other sensitive data entered in Mozilla Firefox and Microsoft
Internet Explorer web browsers, which makes it extremely risky to users relying
on e-banking or online shopping services.
Worm.P2P.Palevo.B features a
backdoor component that allows remote attackers to seize control over the
infected machine and manipulate it according to their own needs (for instance,
to install additional software, to export locally saved documents, to
manipulate online voting from various IPs, or even to launch TCP/UDP flood
attacks against Internet servers).
In order to stay safe and fully
enjoy your Internet experience, BitDefender recommends that you install and
regularly update an anti-malware suite with anti-virus, anti-spam,
anti-phishing and firewall modules.
Information in this article is
available courtesy of BitDefender virus researcher Mihai Stoicoi.