A Short Visit To Worm Palevo
I decided to continue my "a short visit to" series with a brief analysis of the worm Palevo. Don't expect too much; it is just a summary of findings I came across... the PDF file is here.
Abstract:
This paper describes a short manual analysis of the worm Palevo. We show how we first noticed the worm at our honeypot installation and describe the currently broken propagation mechanism that exploits the MS08-067 vulnerability. We then briefly discuss Palevo's general features, analyse the botnet channel, and describe the propagation mechanisms that are used. To conform with the majority of anti-virus vendors regarding the naming of the malware, we use Palevo as the name throughout the paper. Note that Palevo is also often called Pushbot by some anti-virus vendors.