SOURCE: BitDefender


May 03, 2010 15:30 ET

Extremely Aggressive Worm Chokes Instant Messaging

New Variant of Palevo Blasts Unprotected Systems via Fake Photo Gallery Links

BUCHAREST, ROMANIA--(Marketwire - May 3, 2010) -  BitDefender®, an award-winning provider of innovative anti-malware security solutions, today warned that the latest offspring of the Palevo family has begun spreading via a massive wave of automatically generated IM spam. The unsolicited message incites the recipients to click a link accompanied by a grinning smiley face, which purportedly leads them to an image or photo gallery.

Instead of opening the alleged image collection, the users are tricked into saving what seems to be a .JPG file, which is, in effect, an executable concealing the malicious payload -- Worm.P2P.Palevo.DP.

Having an unprotected system infected with Palevo.DP is a synonym for mayhem. First and foremost, the worm creates several hidden files in the Windows folder: mds.sys, mdt.sys, winbrd.jpg, infocard.exe and modifies some registry keys to point towards these files in order annihilate the OS' firewall.

As its siblings, Palevo.DP holds a backdoor component, which allows remote attackers to seize control over the compromised computer and do whatever they want with it -- from installing additional malware and swiping files to launching spam campaigns and malware offensive on other systems.

Palevo family is also able to intercept passwords and other sensitive data entered in Mozilla® Firefox® and Microsoft® Internet Explorer® Web browsers, which makes it extremely risky to users relying on e-banking or online shopping services.

The spreading mechanism also comprises the infection of network shares and removable USB storage devices, where it creates autorun.inf files pointing to its copy. When the removable disk or memory stick is inserted into machines with the Autorun feature enabled or unprotected by a security solution with on-access scanning capability, the system is automatically infected.

Palevo worms also affect users of the P2P sharing platforms, such as Ares, BearShare, iMesh, Shareza, Kazaa, DC++, eMule and LimeWire, by adding their code to the shared files.

"We recommend users to be extremely cautious and to not click any suspicious links they receive via IM clients before checking with the links' sender to verify the validity of the websites to which these links point," said Catalin Cosoi, BitDefender Senior Researcher. "The Palevo offensive is highly aggressive and during the very beginning of the outbreak we have witnessed rates of infection which easily exceeded 500 percent growth per hour for countries like Romania, Mongolia or Indonesia."

To date, the countries with the highest infection rates are:

  • Romania
  • Mongolia
  • Vietnam
  • Indonesia
  • Australia
  • Malaysia
  • Thailand
  • France
  • UK
  • Kuwait

For additional information about e-threats and tools for defending your data and systems check

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About BitDefender®
BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry's anti-malware innovator. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company's security solutions press room. Additionally, BitDefender's provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.

Contact Information