I decided to continue my "a short visit to" series with a brief analysis of the worm Palevo. Don't expect too much; it is just a summary of findings I came across… The PDF file is here.
Abstract:
This paper describes a short manual analysis of the worm Palevo. We show how we first noticed the worm at our honeypot installation and describe the currently broken propagation mechanism that exploits the MS08-067 vulnerability. We then briefly discuss Palevo's general features, analyse the botnet channel, and describe the propagation mechanisms that are used. To conform with the majority of anti-virus vendors regarding the naming of the malware, we use Palevo as the name throughout the paper. Note that Palevo is also often called Pushbot by some anti-virus vendors.
View full post on Virus Blog
Posted on 03 May 2010. Tags: Palevo, Short, Visit, worm, worm palevo