Dangerous Stration Worm Spreads Critically Fast
The extremely quickly spreading worm uses not only mass-mailing but also spreads via contacts in ICQ. It can also threaten functioning of security application in user's computer.
Right now the Internet is exposed to one of the biggest virus outbreaks of last months - Win32/Stration. ESET strongly recommends to all computer users to be at alert while working with the Internet. "The worm is able to send an ICQ message to your friend that would look like a message from you. Therefore it is necessary to be at alert when working with IM clients," says Juraj Malcho, Eset's virus analyst. There is a link in infected ICQ message and by clicking on it, Stration worm installs to the computer. Malcho adds that this method is on the decline.
At present the worm spreads mostly via e-mail. On the user's computer it searches the addresses where it sends itself. According to ThreatSense.Net, Eset's monitoring system, e-mails with these subjects can be infected:
Error, Good day, Hello, Mail Delivery System, Mail server report, Mail Transaction Failed, Picture, Server Report, Status, test
E-mail attachement is an executable file or ZIP archive. The attachement is often named on the basis of Update-KB-abcd-x86 scheme, where "abcd" can be a variable number. After opening the attachement the presence of the worm can be indicated by popping up a message about successful Windows update installation. "Last 24 hours we have registered every seventh e-mail as infected by Stration," says Juraj Malcho. Therefore ESET strongly recomends not to open attachements in spams or e-mails from unknown senders.
Another particularity of this worm is turning off the security applications, including ESET NOD32 Antivirus. Unlike other antivirus systems that do not inform their users about Stration's attack, ESET NOD32 pops up a warning window. Updated NOD32 is imune against Stration since virus signature database version 1.1816. This is due to ThreatSense heuristic technology able to identify and clean even its eventual mutations. Now there are dozens of them and new ones are still coming.
At present the worm spreads mostly via e-mail. On the user's computer it searches the addresses where it sends itself. According to ThreatSense.Net, Eset's monitoring system, e-mails with these subjects can be infected:
Error, Good day, Hello, Mail Delivery System, Mail server report, Mail Transaction Failed, Picture, Server Report, Status, test
E-mail attachement is an executable file or ZIP archive. The attachement is often named on the basis of Update-KB-abcd-x86 scheme, where "abcd" can be a variable number. After opening the attachement the presence of the worm can be indicated by popping up a message about successful Windows update installation. "Last 24 hours we have registered every seventh e-mail as infected by Stration," says Juraj Malcho. Therefore ESET strongly recomends not to open attachements in spams or e-mails from unknown senders.
Another particularity of this worm is turning off the security applications, including ESET NOD32 Antivirus. Unlike other antivirus systems that do not inform their users about Stration's attack, ESET NOD32 pops up a warning window. Updated NOD32 is imune against Stration since virus signature database version 1.1816. This is due to ThreatSense heuristic technology able to identify and clean even its eventual mutations. Now there are dozens of them and new ones are still coming.
