Extremely aggressive worm chokes instant messaging

Răzvan LIVINTZ

May 03, 2010

The latest offspring of the Palevo family has begun spreading these days via a massive wave of automatically generated IM spam. The unsolicited message incites the recipients to click a link accompanied by a grinning smiley face, which purportedly leads them to an image or photo gallery.

Figure 1: The unsolicited IM spam that brings Palevo

Instead of opening the alleged image collection, the users are tricked into saving what seems to be a .JPG file, which is, in fact, an executable concealing the malicious payload: Worm.P2P.Palevo.DP.

Figure 2: The apparent .JPG is an .EXE file delivering the worm

Having an unprotected system infected with Palevo.DP is a synonym for mayhem. First and foremost, the worm creates several hidden files in the Windows folder (mds.sys, mdt.sys, winbrd.jpg, infocard.exe) and modifies some registry keys to point towards these files in order to annihilate the OS' firewall.

Like its siblings, Palevo.DP holds a backdoor component, which allows remote attackers to seize control over the compromised computer and do whatever they want with it, from installing additional malware and swiping files to launching spam campaigns and malware offensives on other systems.

The Palevo family is also able to intercept passwords and other sensitive data entered in the Mozilla® Firefox® and Microsoft® Internet Explorer® Web browsers, which makes it extremely risky to users relying on e-banking or on-line shopping services.

The spreading mechanism also comprises the infection of network shares and removable USB storage devices, where it creates autorun.inf files pointing to its copy. When the removable disk or memory stick is inserted into machines with the Autorun feature enabled or unprotected by a security solution with on-access scanning capability, the system is automatically infected.
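As an added example (not BitDefender's code or tooling), the Python sketch below triages a mounted removable drive or share for the two artefacts described above: a file named like an image whose content starts with the `MZ` executable header, and an autorun.inf that names a program to launch. All function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
# autorun.inf keys that name a program to launch
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)

def is_pe_disguised_as_image(path):
    """True if the name claims an image type but the content starts with 'MZ'."""
    if os.path.splitext(path)[1].lower() not in IMAGE_EXTS:
        return False
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def autorun_targets(root):
    """Return the launch targets named in <root>/autorun.inf (empty if absent)."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "r", errors="replace") as fh:
                return [m.group(2) for m in map(LAUNCH_KEY.match, fh) if m]
    return []

def triage(root):
    """Scan a drive or share root; return (autorun targets, disguised executables)."""
    disguised = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if is_pe_disguised_as_image(full):
                    disguised.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return autorun_targets(root), sorted(disguised)

def build_sample(root):
    """Constructed sample data: harmless 'MZ' stub, real JPEG header, autorun.inf."""
    with open(os.path.join(root, "photo.jpg"), "wb") as fh:
        fh.write(b"MZ\x90\x00" + b"\x00" * 60)        # executable magic, image name
    with open(os.path.join(root, "holiday.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 60)  # genuine JPEG magic
    with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
        fh.write("[autorun]\nopen=photo.jpg\nicon=shell32.dll,4\n")

def demo():
    """Run the triage over the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        return triage(d)

if __name__ == "__main__":
    print(demo())
```

A hit from either check is a reason to quarantine the drive and scan it with a security solution, not a verdict on its own: legitimate installation media also ship an autorun.inf.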

Palevo worms also affect users of P2P sharing platforms, such as Ares, BearShare, iMesh, Shareaza, Kazaa, DC++, eMule and LimeWire, by adding their code to the shared files.

We recommend that users be extremely cautious and not click any suspicious links they receive via IM clients before checking with the senders the validity of the Web sites to which these links point. This Palevo offensive is highly aggressive, and during the very beginning of the outbreak we have witnessed rates of infection which easily exceeded 500 percent per hour for countries like Romania, Mongolia or Indonesia.

The information in this article is available courtesy of Bogdan Timofte, BitDefender Threats Researcher.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
