Palevo.A.7056 is a worm known by its executable name, junaci.exe. Palevo is spreading through autorun feature of usb drives, messengers and P2P. It works on Windows 200, 2003 and XP. Junaci modifies Windows registry and drops malicious files. It has low damage potential.
Spread methods Edit
Palevo spreads through 3 ways: USB drives, Messengers and P2P. When it gets access to any pc it adds registry key to run its code on boot.
Infecting USB Edit
When plugging any storage device to infected computer, Junaci copies itself into UNUCI folder and creates autorun file running malicious code. After plugging the device into healthy computer, Junaci copies itself into %HOME%/csrss.exe
MSN Messenger Edit
Junaci was written in Visual C++