
Worm.P2P.Palevo.B Hiding in Your Recycle Bin – Weekly Malware Review


One of the first symptoms of infection is increased network activity on UDP ports originating from explorer.exe and the presence of a hidden file called sysdate.exe inside the “%systemdrive%\RECYCLER\S-1-5-21-[random groups of digits]” folder.
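The on-disk indicator described above can be checked with a short script; this is an added example, not part of the original review and not a Bitdefender tool. It assumes the Windows XP-era %systemdrive%\RECYCLER layout named in the text (newer Windows versions use $Recycle.Bin, which it does not scan), uses the S-1-5-21-… SID-folder pattern from the text as its match rule, and builds a constructed sample tree when no RECYCLER folder exists so that it runs anywhere; the UDP-traffic symptom is not covered.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Per-user recycle-bin subfolders are named after the user's SID: S-1-5-21-<three domain groups>-<RID>
SID_DIR_RE = re.compile(r"^S-1-5-21(?:-\d+)+$")
INDICATOR_NAME = "sysdate.exe"

def is_hidden(path):
    """The Hidden attribute is only exposed by os.stat on Windows; elsewhere report False."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))

def scan_recycler(recycler_root):
    """Return one finding per SID-named RECYCLER subfolder that contains sysdate.exe."""
    root = Path(recycler_root)
    findings = []
    if not root.is_dir():
        return findings  # no RECYCLER folder at all (e.g. Vista+ uses $Recycle.Bin)
    for child in root.iterdir():
        if not (child.is_dir() and SID_DIR_RE.match(child.name)):
            continue  # INFO2, desktop.ini and non-SID folders are not of interest
        candidate = child / INDICATOR_NAME
        if candidate.is_file():
            findings.append({"path": str(candidate), "sid_folder": child.name,
                             "hidden": is_hidden(candidate), "size": candidate.stat().st_size})
    return findings

def build_sample_tree(base=None):
    """Constructed fixture (not real malware): one clean SID folder and one carrying the indicator."""
    recycler = Path(base or tempfile.mkdtemp()) / "RECYCLER"
    clean = recycler / "S-1-5-21-111111111-222222222-333333333-1001"
    suspect = recycler / "S-1-5-21-111111111-222222222-333333333-1002"
    for folder in (clean, suspect, recycler / "not-a-sid"):
        folder.mkdir(parents=True)
    (clean / "INFO2").write_bytes(b"")  # the normal XP recycle-bin index file
    (recycler / "not-a-sid" / INDICATOR_NAME).write_bytes(b"MZ")  # same name, wrong location: ignored
    sample = suspect / INDICATOR_NAME
    sample.write_bytes(b"MZ" + b"\0" * 62)  # placeholder header only, not an executable
    if os.name == "nt":  # reproduce the hidden attribute where the platform supports it
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(str(sample), stat.FILE_ATTRIBUTE_HIDDEN)
    return recycler

if __name__ == "__main__":
    live = Path(os.environ.get("SYSTEMDRIVE", "C:") + os.sep) / "RECYCLER"
    for hit in scan_recycler(live if live.is_dir() else build_sample_tree()):
        print(f"{hit['path']} (hidden={hit['hidden']}, {hit['size']} bytes)")
```

A hit is only an indicator, not proof: confirm with a scan of the file itself and with the UDP activity from explorer.exe that the text names as the other symptom.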

The worm is designed to spread via multiple channels. It can add its code to the list of P2P shares of popular file-sharing applications such as Ares, BearShare, iMesh, Shareaza, Kazaa, DC++, eMule and LimeWire, but it also infects any removable USB device plugged into an already-infected machine and even network drives mapped locally.

Worm.P2P.Palevo.B is also able to send links to infected websites if it detects the presence of MSN Messenger on the compromised system, thus luring unwary contacts into installing the worm from a remote location.

The worm does not limit itself to infecting other hosts and leaving the user with a barely usable system because of its increased activity. It is also able to intercept passwords and other sensitive data entered in the Mozilla Firefox and Microsoft Internet Explorer web browsers, which makes it extremely risky for users relying on e-banking or online shopping services.

Worm.P2P.Palevo.B features a backdoor component that allows remote attackers to seize control over the infected machine and manipulate it according to their own needs (for instance, to install additional software, to export locally saved documents, to manipulate online voting from various IPs, or even to launch TCP/UDP flood attacks against Internet servers).

In order to stay safe and fully enjoy your Internet experience, BitDefender recommends that you install and regularly update an anti-malware suite with anti-virus, anti-spam, anti-phishing and firewall modules.

Information in this article is available courtesy of BitDefender virus researcher Mihai Stoicoi.


About The Author

Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


© 2012 Powered By Bitdefender
