Our older acquaintance, Palevo, just gave birth to a new offspring, which has already begun to spread, just as its older brothers, by large waves of automatically generated IM spam. The current messages are similar to those displayed in the previous distribution campaigns: a link functioning as an invitation for IM users to enjoy an alleged “must-see” photo, apparently available in the gallery of a very popular social network.
Figure 1 – The link purporting to reveal an interesting photo
Instead of the promised image, the user receives the freshly born Worm.P2P.Palevo.FP. Once it gets into the operating system, this new Palevo variant changes the firewall settings by adding itself as an authorized program, which enables attackers to control unhindered the compromised computers.
Compared to its siblings, this version is perhaps more hazardous. Palevo.FP adds to its malicious arsenal the capacity to disable Microsoft® Windows® Automatic Updates Service, thus exposing the OS to the risk of being additionally exploited by breaches, glitches and backdoors left unpatched.
To check whether or not your system is infected, run a QuickScan.
To make sure your system is clean, download and execute the new free Palevo removal tool that my colleagues from the labs recently crafted.
Safe surfing, everybody!
The technical description and the removal tool referenced in this article are available courtesy of Daniel Chipiristeanu, BitDefender Threats Researcher.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.