Stration

Stration (also known as Stratio and Warezov) is a family of computer worms that can affect computers running Microsoft Windows, disabling security features and propagating itself to other computers via e-mail attachments. This family of worms is unusual in that new variants are being produced at an unprecedented rate, estimated to be up to one every 30 minutes at its peak, and downloaded from remote servers by infected machines to speed propagation.[1] This makes detection and removal a particular challenge for anti-virus software vendors, because new signature files for each variant need to be issued to allow their software to detect them.

Details

The first variant of the Stration family was reported in late September 2006.[2] It was quickly discovered that the worm program, as well as propagating itself by sending out copies via e-mail, was downloading new variants from one of a number of remote servers. These variants were generated by a program on those servers under control of the worm's creator(s). Computer security firm F-Secure has worked with ISPs to shut down domains hosting the variants of the worm.[1] In November 2006, the Stration worm was the most widespread malware infection reported, accounting for around one-third of reported infections.[3]

The Stration worms employ social engineering to infect the target machine by arriving in an e-mail masquerading as a report from a mail server informing the recipient (in somewhat broken English) that their computer is infected due to an unpatched security flaw in Windows, and offering as an attachment a purported fix, which is in fact the worm program itself.[4] Some later variants of the worm spread via instant messenger and Skype chat alerts containing a URL leading to the worm.[5]

Notes

  1. ^ a b Kirk, Jeremy (2006-10-31). "Tricky New Malware Challenges Security Vendors - PC World". Archived from the original on 2007-02-17.
  2. ^ "W32.Stration@mm - Symantec.com". 2006-10-03.[dead link]
  3. ^ "Sophos announces top ten threats and hoaxes reported in November 2006".
  4. ^ "Spreading Stration worm pretends to be security patch". 2006-09-25.
  5. ^ "Warezov worm fiends target Skype". The Register. 2007-02-28.