WEEKLY REVIEW

[Malware Review] Win32.Worm.Rimecud.C Lurking on P2P Networks

If you have been using Peer-to-Peer and Direct Connect services lately, you had better scan your system for a new and extremely annoying passenger you might have taken along with the downloaded data.

Initially spotted earlier this month, Win32.Worm.Rimecud.C is an Internet worm that aggressively attempts to spread itself either by directly infecting removable media or by sharing its binary code through Kazaa, DC++, LimeWire, eMule, iMesh or BearShare.

In order to infect USB storage devices, Win32.Worm.Rimecud.C creates a folder named USBSYSTEM, copies itself to the folder, and then creates in the device root an “autorun.inf” file which will run the infected binary each time the device is plugged in. The worm also spreads itself via MSN Messenger by sending automated messages containing links to copies of itself to the entire list of contacts.

Once it has successfully infected the local machine, the worm creates a copy of itself inside the “%systemdrive%\RECYCLER\S-1-5-21-[10-digits-random]-[10-digits-random]-[4-digits-random]” directory and modifies the directory’s attributes to hide it from Windows Explorer. The worm then registers itself to run at system start-up by adding a new entry to the Windows Registry under the name “Taskman”.

One of the first visible symptoms revealing the infection is the unusual slowdown of the computer. The worm uses most of the available bandwidth to perform some malicious tasks such as denial-of-service (DoS) and TCP-SYN flood attacks against remote hosts.

In order to avoid infections, we recommend that you install and regularly update a complete antimalware suite with antivirus, antispam, antiphishing and firewall modules.

Information in this article is available courtesy of BitDefender virus researcher George Cabau.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.