Home / malware Worm.P2p.Palevo.B
First posted on 21 November 2011.
Source: BitDefenderAliases :
Worm.P2p.Palevo.B is also known as Rimecud.B, HLLW.Lime, Peerfrag, Pilleuz.
Explanation :
Spreading methods:
Supports P2P: Ares, BearShare, iMesh, Shareza, Kazaa, DC++, eMule, LimeWire.
Supports MSN Messenger as vector.
Supports infecting USB Media.
Has Mozilla and IE password harvesting capability.
Has TCP/UDP flooding capabilities.
Has Backdoor capability.
The infected exe installs itself on the system by copying itsesf in the Rcycler folder and adds itself in the registry to be active at startup, then it decrypts code on the stack and injects it in "explorer.exe". This injected component is the payload.
explorer.exe holds mutex: i4__s__frgk665fn.Last update 21 November 2011