Stration worm building steadily

Posted by Virus Bulletin on Oct 4, 2006

Mass-mailer evolving as botnets spread.

The Stration mass-mailing worm, also called Warezov by some vendors, has been spreading steadily over the last few weeks, with the creators using advanced evolution techniques to avoid detection. The emails carrying the worm often masquerade as security alerts or email bounces.

Numerous labs have alerted on another upswing of reports, with a new set of variants. From a small starting base, the controllers of the worm appear to be tweaking their creation with each generation to ensure they get past AV signatures, and often making machines already infected with earlier variants upgrade themselves to run the latest version. As each generation spreads to new hosts, the botnets and associated waves of network activity grow in stages, with the latest the biggest yet.

Threat-watching websites are displaying a lot of orange, as alert levels move up towards medium as a result of Stration and the recent batch of IE vulnerabilities. A graphical demonstration of the worm's seeding patterns can be seen at Fortinet's Fortiguard Center. More commentary on the outbreak and analysis of various versions can also be found at sites such as Avira, F-Secure, Sophos or Kaspersky.
