
[Malware Review] Worm.P2P.Palevo.B Hiding in Your Recycle Bin

Bogdan BOTEZATU

December 04, 2009


One of the first symptoms of infection is increased network activity on UDP ports originating from explorer.exe and the presence of a hidden file called sysdate.exe inside the “%systemdrive%\RECYCLER\S-1-5-21-[random groups of digits]” folder.
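The file-system symptom described above can be checked with a short script. This is an added example, not BitDefender's tooling: the folder and file names come from the article, while the function names, the regular expression for the SID folder, and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Folder and file names come from the article; everything else is an assumption.
SID_DIR = re.compile(r"^S-1-5-21(-\d+)+$", re.IGNORECASE)
INDICATOR = "sysdate.exe"

def _ls(path):
    """List a directory, treating missing or unreadable folders as empty."""
    try:
        return os.listdir(path)
    except OSError:
        return []

def is_hidden(path):
    """Windows 'hidden' attribute; None on systems that do not expose it."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    return None if attrs is None else bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def find_indicator(drive_root):
    """Return [(path, hidden)] for sysdate.exe inside RECYCLER\\S-1-5-21-* folders."""
    hits = []
    for top in _ls(drive_root):
        if top.upper() != "RECYCLER":
            continue
        for sid in filter(SID_DIR.match, _ls(os.path.join(drive_root, top))):
            sid_path = os.path.join(drive_root, top, sid)
            for entry in _ls(sid_path):
                if entry.lower() == INDICATOR:  # Windows file names are case-insensitive
                    full = os.path.join(sid_path, entry)
                    hits.append((full, is_hidden(full)))
    return hits

def build_sample_tree(root):
    """Constructed sample layout: one matching file plus two that must not match."""
    for parts in (("RECYCLER", "S-1-5-21-1111111111-2222222222-3333333333-1003", "SysDate.exe"),
                  ("RECYCLER", "S-1-5-21-4444444444-5555555555-6666666666-500", "Dc1.exe"),
                  ("WINDOWS", "sysdate.exe")):
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(find_indicator(root))
```

On a live system, pass each fixed, removable and mapped drive root (for example "C:\\") to find_indicator, since the article notes the worm also copies itself to USB devices and network drives.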

The worm has been designed to spread via multiple channels. It can add its code to the list of P2P shares in popular file-sharing applications such as Ares, BearShare, iMesh, Shareaza, Kazaa, DC++, eMule and LimeWire, and it also infects any removable USB device plugged into an already-infected machine, as well as network drives mapped locally.

Worm.P2P.Palevo.B is also able to send links to infected websites if it detects the presence of MSN Messenger on the compromised system, thus luring unwary contacts into installing the worm from a remote location.

The worm does not limit its destructive habits to infecting other hosts and leaving the user with a barely usable system because of its increased activity. It is also able to intercept passwords and other sensitive data entered in the Mozilla Firefox and Microsoft Internet Explorer web browsers, which makes it extremely risky for users relying on e-banking or online shopping services.

Worm.P2P.Palevo.B features a backdoor component that allows remote attackers to seize control over the infected machine and manipulate it according to their own needs (for instance, to install additional software, to export locally saved documents, to manipulate online voting from various IPs, or even to launch TCP/UDP flood attacks against Internet servers).

In order to stay safe and fully enjoy your Internet experience, BitDefender recommends that you install and regularly update an anti-malware suite with anti-virus, anti-spam, anti-phishing and firewall modules.

Information in this article is available courtesy of BitDefender virus researcher Mihai Stoicoi.
