Posted by Virus Bulletin on Oct 4, 2006
Mass-mailer evolving as botnets spread.
The Stration mass-mailing worm, also called Warezov by some vendors, has been spreading steadily over the last few weeks, with the creators using advanced evolution techniques to avoid detection. The emails carrying the worm often masquerade as security alerts or email bounces.
Numerous labs have alerted on another upswing of reports, with a new set of variants. From a small starting base, the controllers of the worm appear to be tweaking their creation with each generation to ensure they get past AV signatures, and often making machines already infected with earlier variants upgrade themsleves to run the latest version. As each generation spreads to new hosts, the botnets and associated waves of network activity grow in stages, with the latest the biggest yet.
Threat-watching websites are displaying a lot of orange, as alert levels move up towards medium as a result of Stration, and the recent batch of IE vulnerabilities. Some graphical demonstration of the worm's seeding patterns can be seen at Fortinet's Fortiguard Center. More commentary on the outbreak and analysis of various versions can also be found at sites such as Avira, F-Secure, Sophos or Kaspersky.
Posted on 04 October 2006 by Virus Bulletin
