Vulnerable computer systems and applications:
Palevo is a computer worm, a self-spreading malware. Unlike viruses, no user intervention is required for the worm to spread as it spreads through the certain vulnerabilities in computer systems and networks. Palevo computer worm is a known Mariposa botnet component, whose main activity is to add an infected computer to the botnet network. A computer running on such a network can subsequently be exploited to run DDoS attacks. The following activities can also be executed:
- Connecting to a remote C&C server, which would permit remote access to the device;
- Downloading and installing additional malware;
- Collecting personal information and sending it to attackers.
The Palevo worm spreads via P2P (peer-to-peer) networks, external data carriers and instant messaging platforms (Skype, Jabber, MSN Messenger). Three known security vulnerabilities CVE-2003-0352, CVE-2005-0059, CVE-2005-1983 are being exploited. The worm changes registry keys values and attaches itself to system files, allowing it to run even after the computer is rebooted.
Recommendations in case of infection:
- Isolate the infected computer from the external network;
- Perform a system scan with anti-virus software;
- Use System Restore to restore modified registries and infected system files;
- Disable Autorun;
- Back up all your important data and reinstall your operating system if you notice signs of a renewed worm activity;
- If there are many computers running on an inner network, disconnect them from the network and completely repeat the above steps.