[Malware Review] Worm.P2P.Palevo.B Hiding in Your Recycle Bin

Initially spotted in late June this year, Worm.P2P.Palevo.B is an extremely aggressive e-threat primarily aiming at peer-to-peer service users


One of the first symptoms of infection is increased network activity on UDP ports originating from explorer.exe and the presence of a hidden file called sysdate.exe inside the “%systemdrive%RECYCLERS-1-5-21-[random groups of digits]” folder.

The worm has been designed in a manner to allow it to spread via multiple channels. It can add its code to the list of P2P shares on popular file-sharing applications such as Ares, BearShare, iMesh, Shareza, Kazaa, DC++, eMule and LimeWire, but it would also infect any removable USB device plugged into an already-infected machine or even network drives mapped locally.

Worm.P2P.Palevo.B is also able to send links to infected websites if it detects the presence of MSN Messenger on the compromised system, thus luring unwary contacts into installing the worm
from a remote location.

The worm does not limit its destructive habits to infecting other hosts and leaving the user with a barely usable system because of its increased activity. It is also able to intercept passwords and other sensitive data entered in Mozilla Firefox and Microsoft Internet Explorer web browsers, which makes it extremely risky to users relying on e-banking or online shopping services.

Worm.P2P.Palevo.B features a backdoor component that allows remote attackers to seize control over the infected machine and manipulate it according to their own needs (for instance, to install additional software, to export locally saved documents, to manipulate online voting from various IPs, or even to launch TCP/UDP flood attacks against Internet servers).

In order to stay safe and fully enjoy your Internet experience, BitDefender recommends that you install and regularly update an anti-malware suite with anti-virus, anti-spam, anti-phishing and firewall modules.

Information in this article is available courtesy of BitDefender  virus researcher Mihai Stoicoi.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.