WORM_PALEVO.ES
Platform: Windows 2000, Windows XP, Windows Server 2003
Threat Type: Worm
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This worm arrives when an affected removable drive is connected to a system. It may be unknowingly downloaded by a user while visiting malicious websites.
It connects to certain URLs. It may do this to remotely inform a malicious user of its installation. It may also do this to download possibly malicious files onto the computer, which puts the computer at a greater risk of infection by other threats.
TECHNICAL DETAILS
Arrival Details
This worm arrives when an affected removable drive is connected to a system.
It may be unknowingly downloaded by a user while visiting malicious websites.
Installation
This worm drops the following component file(s):
- {removable drive}\recycler.lnk
It drops the following copies of itself into the affected system:
- {removable drive}\RECYCLER\{random}.exe
It creates the following folders:
- {removable drive}\RECYCLER
Download Routine
This worm connects to the following malicious URLs:
- {BLOCKED}enial.com
- {BLOCKED}ebsite.com
- {BLOCKED}ctronix.com
- {BLOCKED}xs.com
Other Details
This worm connects to the following URL(s) to get the affected system's IP address:
- http://{BLOCKED}i.{BLOCKED}nia.com