WORM_PALEVO.ES


PLATFORM: Windows 2000, Windows XP, Windows Server 2003


  • Threat Type: Worm

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This worm arrives when an affected removable drive is connected to a system. It may also be unknowingly downloaded by a user while visiting malicious websites.

It connects to certain URLs. It may do this to remotely inform a malicious user of its installation. It may also do this to download possibly malicious files onto the computer, which puts the computer at a greater risk of infection by other threats.

  TECHNICAL DETAILS

File Size: 118,784 bytes

File Type: EXE

Memory Resident: Yes

Initial Samples Received Date: 06 Jul 2011

Arrival Details

This worm arrives when an affected removable drive is connected to a system.

It may be unknowingly downloaded by a user while visiting malicious websites.

Installation

This worm drops the following component file(s):

  • {removable drive}\recycler.lnk

It drops the following copies of itself into the affected system:

  • {removable drive}\RECYCLER\{random}.exe

It creates the following folders:

  • {removable drive}\RECYCLER
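The artifacts listed above can be checked on a mounted removable drive with a short triage script. This is an added example, not part of the original entry; the function names, the verdict labels and the sample file name a1b2c3.exe are assumptions made for illustration.

```python
import os
import tempfile

LNK_NAME = "recycler.lnk"   # component file named in this entry
FOLDER_NAME = "recycler"    # folder named in this entry (compared ignoring case)


def _find_entry(directory, wanted, want_dir):
    """Return the path of the entry whose name equals `wanted` ignoring case, or None."""
    with os.scandir(directory) as it:
        for entry in it:
            if entry.name.lower() == wanted and entry.is_dir(follow_symlinks=False) == want_dir:
                return entry.path
    return None


def scan_drive(root):
    """Check the root of a mounted removable drive for the artifacts in this entry."""
    lnk = _find_entry(root, LNK_NAME, want_dir=False)
    folder = _find_entry(root, FOLDER_NAME, want_dir=True)
    exes = []
    if folder:
        # Only executables placed directly in the folder are counted. A RECYCLER
        # folder by itself is not, since Windows XP creates one on NTFS volumes.
        with os.scandir(folder) as it:
            exes = sorted(e.path for e in it
                          if e.is_file(follow_symlinks=False) and e.name.lower().endswith(".exe"))
    if lnk and exes:
        verdict = "match"     # shortcut plus executable copy: the full pattern
    elif lnk or exes:
        verdict = "partial"   # one artifact only: review by hand
    else:
        verdict = "clean"
    return {"lnk": lnk, "executables": exes, "verdict": verdict}


def build_sample_drive(base, with_lnk=True, with_exe=True):
    """Constructed sample: a fake drive root holding empty placeholder files."""
    os.makedirs(os.path.join(base, "RECYCLER"), exist_ok=True)
    if with_lnk:
        open(os.path.join(base, "recycler.lnk"), "wb").close()
    if with_exe:
        open(os.path.join(base, "RECYCLER", "a1b2c3.exe"), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_drive(build_sample_drive(tmp)))
```

Name matching ignores case so the check behaves the same when the drive is examined from a case-sensitive file system.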

Download Routine

This worm connects to the following malicious URLs:

  • {BLOCKED}enial.com
  • {BLOCKED}ebsite.com
  • {BLOCKED}ctronix.com
  • {BLOCKED}xs.com

Other Details

This worm connects to the following URL(s) to get the affected system's IP address:

  • http://{BLOCKED}i.{BLOCKED}nia.com
