
Beware: Palevo Botnet Family Chats Up a Storm Launching Attacks on Infected PCs

Posted: May 4, 2010

Feeling chatty? If you are the friendly type and often click on unsolicited IM messages, you may have accidentally invited in a nasty computer worm. Worm.P2P.Palevo.DP is the detection name for a malicious computer worm springing from the Palevo family, one of the largest botnets crippling poorly protected systems.

The Internet is swarming with malware, malicious programs able to rob data and system resources from under-protected computer systems. But don't feel bad if you've unknowingly fallen victim by clicking; computer worms don't really need your help to propagate or gain entry. Computer worms can travel node to node by hiding in or attaching to scripts, code or programs in files moving through the veins, that is the ports, of the Internet. So why run a scam that depends on human aid? Judging by the smiley face graphic posted with the baited message, some scammer is having a little fun at your expense.

PC users are presented with an unsolicited IM message containing a link that implies clicking will open an image or photo gallery. In truth, clicking displays a prompt asking the user to save a .jpeg, and those who follow through are actually saving a malicious executable housing Worm.P2P.Palevo.DP. When executed, the slimy impersonator slips right in, at least if the computer lacks a stealth antimalware solution to block the invasion.
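The trick described above only works because the user trusts the file name. A download gate can refuse to trust it and look at the leading bytes instead: a real JPEG starts with a known header, while every Windows executable starts with the DOS "MZ" stub. The script below is an added example, not code from the original post or from any vendor; all sample bytes are constructed stand-ins (a fake JPEG header, a bare "MZ" stub), not real malware. It also catches the related double-extension trick (photo.jpg.exe), which the article does not mention explicitly.

```python
"""Flag a download whose name says "image" but whose bytes say "Windows executable".

Added example, not code from the original post. All sample bytes are constructed
(a fake JPEG header, a bare 'MZ' stub); nothing here is real malware.
"""
import os

# Leading bytes of the image formats a "photo gallery" link would plausibly claim.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
PE_MAGIC = b"MZ"  # every Windows PE file begins with the DOS 'MZ' stub


def sniff_type(data: bytes) -> str:
    """'pe' for a Windows executable, the image format for a real image, else 'unknown'."""
    if data.startswith(PE_MAGIC):
        return "pe"
    for magic, fmt in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return fmt
    return "unknown"


def extensions(filename: str):
    """(outer, inner) extensions, so 'photo.jpg.exe' gives ('.exe', '.jpg')."""
    stem, outer = os.path.splitext(filename)
    _, inner = os.path.splitext(stem)
    return outer.lower(), inner.lower()


def assess_download(filename: str, data: bytes) -> dict:
    """Compare what the file name claims against what the leading bytes show."""
    outer, inner = extensions(filename)
    actual = sniff_type(data)
    reasons = []
    if outer in IMAGE_EXTENSIONS and actual == "pe":
        reasons.append("image extension but PE (MZ) header: executable disguised as a picture")
    elif outer in IMAGE_EXTENSIONS and actual == "unknown":
        reasons.append("image extension but no recognised image header")
    if outer in EXEC_EXTENSIONS and inner in IMAGE_EXTENSIONS:
        reasons.append("double extension: looks like an image, runs as a program")
    return {"file": filename, "extension": outer, "content": actual,
            "suspicious": bool(reasons), "reasons": reasons}


# Constructed samples standing in for files saved from an IM link.
SAMPLES = {
    "gallery.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 28,   # genuine JPEG start
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 28,           # PE stub named as a picture
    "photo.jpg.exe": b"MZ\x90\x00" + b"\x00" * 28,       # double extension
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 28,           # honest executable
}


def triage_samples(samples=SAMPLES) -> dict:
    """Map each file name to whether it should be quarantined rather than opened."""
    return {name: assess_download(name, data)["suspicious"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(assess_download(name, data))
```

Checking magic bytes is cheap and catches the exact lie this campaign tells; it is not a substitute for a scanner, since a genuine JPEG can still carry an exploit for a buggy image parser, but a "picture" that begins with MZ never needs to reach the user at all.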

If it penetrates the PC's defenses, or the lack thereof, Worm.P2P.Palevo.DP unleashes a very strategic attack. Files are created and hidden in the Windows folder. The registry is edited to point to and serve up (i.e. execute) these malicious files (e.g. mds.sys, mdt.sys, winbrd.jpg, infocard.exe), thus bypassing and fooling the Windows firewall. Worm.P2P.Palevo.DP is multi-layered, meaning it is comprised of various components that open a backdoor allowing a hacker to gain remote access. Worm.P2P.Palevo.DP is programmed to steal vital data stored in the browser cache, harvest email addresses from HTML pages or the hard drive, and gather system data that exposes weaknesses open to exploits. The infected system is added to a botnet, a group of compromised systems, used to launch distributed denial of service (DDoS) attacks against fundamental or industrialized websites.
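The persistence pattern above leaves a visible trace: an autorun entry that points at a file dropped straight into the Windows folder, sometimes one with a picture or driver extension that a Run value has no business loading. The script below is an added example, not code from the original post or from any product; the Run-key entries are constructed as if exported from the CurrentVersion\Run key, and the watchlist is simply the file names this article reports, used for illustration rather than as an authoritative indicator set. It shows how a defender would parse the command line (including the rundll32 "module,EntryPoint" form) to find the file that actually gets loaded and explain why it is worth a look.

```python
"""Triage Run-key autorun entries for the pattern the article describes: the
registry pointing at files dropped into the Windows folder, some of them with
non-program extensions.

Added example, not code from the original post. The entries below are constructed,
as if exported from ...\CurrentVersion\Run; the watchlist names are the ones the
article lists and are illustrative, not an authoritative indicator set.
"""
import ntpath

# Extensions Windows will run directly from a Run value, plus DLLs loaded via rundll32.
PROGRAM_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
MODULE_EXTENSIONS = {".dll"}
# File names the article reports for Worm.P2P.Palevo.DP (illustrative watchlist).
ARTICLE_NAMES = {"mds.sys", "mdt.sys", "winbrd.jpg", "infocard.exe"}
# Folders where a Run target is unusual enough to deserve a second look (heuristic).
WINDOWS_ROOTS = {r"c:\windows", r"%systemroot%", r"%windir%"}


def split_command(cmd: str):
    """Return (program, remaining arguments) from a command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def effective_target(cmd: str) -> str:
    """The file actually loaded: the program itself, or the module handed to rundll32."""
    program, rest = split_command(cmd)
    if ntpath.basename(program).lower() in ("rundll32.exe", "rundll32") and rest:
        module, _ = split_command(rest)
        return module.split(",", 1)[0]  # 'module,EntryPoint' -> module
    return program


def triage_run_entry(value_name: str, cmd: str) -> dict:
    """Explain why (if at all) a Run-key entry deserves a closer look."""
    target = effective_target(cmd)
    base = ntpath.basename(target).lower()
    ext = ntpath.splitext(base)[1]
    folder = ntpath.dirname(target).lower().rstrip("\\")
    reasons = []
    if base in ARTICLE_NAMES:
        reasons.append(f"{base} matches a file name reported for Worm.P2P.Palevo.DP")
    if ext not in PROGRAM_EXTENSIONS | MODULE_EXTENSIONS:
        reasons.append(f"autorun loads a file with non-program extension '{ext}'")
    if folder in WINDOWS_ROOTS:
        reasons.append("target sits directly in the Windows folder rather than a program directory")
    return {"value": value_name, "target": target,
            "suspicious": bool(reasons), "reasons": reasons}


# Constructed Run-key export: one ordinary entry and three shaped like the article's dropper.
SAMPLE_RUN_ENTRIES = [
    ("Updater", r'"C:\Program Files\Example App\updater.exe" /background'),
    ("winbrd", r"rundll32.exe C:\Windows\winbrd.jpg,Start"),
    ("infocard", r"C:\Windows\infocard.exe"),
    ("mds", r"C:\Windows\mds.sys"),
]


def triage_all(entries=SAMPLE_RUN_ENTRIES) -> list:
    """Names of the entries that were flagged, in export order."""
    return [e["value"] for e in (triage_run_entry(n, c) for n, c in entries) if e["suspicious"]]


if __name__ == "__main__":
    for name, cmd in SAMPLE_RUN_ENTRIES:
        print(triage_run_entry(name, cmd))
```

The name watchlist is the weakest rule, since droppers are renamed freely; the two structural rules, a non-program extension being autorun and a target living in the Windows folder root, survive a rename and are the ones worth keeping in a real triage script.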

Worm.P2P.Palevo.DP is able to replicate and will open an FTP or HTTP port to email a copy of its poison to everyone on the victim's email contact list. But this is only the beginning: Worm.P2P.Palevo.DP will also copy its infectious program to executables, external drives, IM messaging, network shares and any other file-sharing applications. The growing drama can overwhelm the victim's system resources and cause an undue system crash.

Systems infected by Worm.P2P.Palevo.DP usually slow progressively before ultimately crashing, and usually exhibit other negative system behaviors. For example, the browser may reroute traffic to unwanted URLs, including those that encourage click fraud to earn a hacker undue pay-per-click residuals. The victim may notice a floodgate of annoying pop-up advertisements that browser settings once blocked. Some drivers may fail, including ones that run the mouse or keyboard.

Any suspicious behavior should be met with action: use a reliable scanning tool to investigate thoroughly. Removing computer worms can be tricky, since many are infused with rootkit technology that helps mask and bury malicious files and components. If malicious files are named to match legitimate operating system files, an erroneous removal or deletion could be deadly to your operating system and may wipe out your valuable data. Don't risk coming out on the losing end. Use a professional anti-malware solution equipped with an anti-rootkit that can unearth hidden malware and remove it without causing further harm to your intellectual property.
