Palevo worm variant threat grows

By Hanleigh Daniels 4 May 2010 | Categories: news
A new variant of the malicious Palevo worm has reared its head and is crawling its way from PC to PC via instant messaging (IM) spam.
The worm automatically generates IM spam, luring unsuspecting users with a link that is accompanied by a grinning smiley face. To the recipients of this spam, it will appear that the link leads to an image or photo gallery. Instead, it asks the recipients to save a file that appears to be a .JPG file, but in reality is an executable file hiding the worm's payload (Worm.P2P.Palevo.DP).
If you don’t have an anti-virus or internet security solution installed on your PC, the worm creates numerous hidden files within the Windows folder (mds.sys, mdt.sys, winbrd.jpg, infocard.exe). It then changes a few registry keys to point towards these files, so that it can disable the operating system's firewall. At that point remote attackers have unrestricted access to do whatever they want with your computer whenever you are online, including intercepting the passwords that you enter via the Mozilla Firefox or Microsoft Internet Explorer web browsers. The latter makes this worm particularly dangerous to people who use e-banking and online shopping services. It can also spread across the home or office network and by way of your USB memory stick, where it creates autorun.inf files pointing to its copy.
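The two traits described above, a file named like an image that is really an executable and an autorun.inf pointing at a copy of the worm, can be checked for on a download folder or USB stick. The following Python sketch is an added example, not BitDefender's detection logic; it assumes the disguise is an image file extension on a Windows PE file, and the sample file names (gallery.jpg, holiday.jpg, copy.exe) are constructed for the demonstration.

```python
import os, struct, tempfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
AUTORUN_KEYS = ("open", "shellexecute")

def looks_like_pe(data):
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\0\0"

def autorun_targets(text):
    """Return commands an autorun.inf would launch (open=, shellexecute=, shell\\...\\command=)."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() in AUTORUN_KEYS or key.lower().endswith("\\command"):
                targets.append(value)
    return targets

def scan(root):
    """Walk root; report image-named files with PE content and autorun.inf launch targets."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() in IMAGE_EXTS:
                with open(path, "rb") as fh:
                    if looks_like_pe(fh.read(4096)):
                        findings.append(("disguised-executable", name))
            elif name.lower() == "autorun.inf":
                with open(path, "r", errors="replace") as fh:
                    findings += [("autorun-target", t) for t in autorun_targets(fh.read())]
    return findings

def demo():
    """Constructed sample: a PE header stub named .jpg, a real JPEG header, an autorun.inf."""
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"  # header only, not a program
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("gallery.jpg", pe_stub), ("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\0" * 64),
                           ("autorun.inf", b"[autorun]\r\nopen=copy.exe\r\n")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan(d)
```

Calling `scan()` on a mounted USB stick or a downloads folder returns a list of `(kind, name)` findings; `demo()` runs it over the constructed samples.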
“We recommend users to be extremely cautious and not to click any suspicious links they receive via IM clients before checking with their senders the validity of the Web sites towards which these links point. This Palevo offensive is highly aggressive and during the very beginning of the outbreak we have witnessed rates of infection which easily exceeded 500 percent growth per hour for countries like Romania, Mongolia or Indonesia”, said Catalin Cosoi, senior researcher at BitDefender. For more info on the Palevo worm as well as other internet-based threats go to www.malwarecity.com.