Stration Worm Pretends to be Security Patch
The latest version of 'Stration' worm was discovered on 25th September 2006, which, by posing as an update, invaded and infected computers widely. According to anti-virus firm Sophos, the W32/Stration-AN worm is the fourth most extensively existing virus since it started to spread on September 25. The latest reports said that Stration-AN is spreading very fast. The company has warned people to be wary of this worm.
The new Stration worm is profusely striking e-mail gateways compromising computers. The malicious code meanders its way through e-mails under a number of disguises. The most common one is posing as a warning that a worm has infected the recipient's computer and must use its recommended update.
The subject line of the e-mail is phrased as "Mail server report". The body message says that the server's firewall has detected e-mails containing copies of worms are being dispatched from the recipient's computer. It further says that since the virus type is new (Network Worms), the user should install worm elimination updates to restore the computer.
The message then warns that the new bug in the Windows infects the computer without any previous notice. When the virus enters the computer, it replicates itself and sends themselves to all the e-mail addresses listed in the computer.
The e-mail is worded in poor English and can easily fool the recipient into downloading the worm-loaded attached file.
According to Graham Cluley, senior technology consultant for Sophos, it is possible that the Stration worm senders are exploiting the fact that Microsoft has still not fully protected the Internet users. As a result, the innocent users rush into downloading the malicious patch.
Everyone who accesses his e-mail must resist from opening unsolicited attachments. He must also make sure that he has a fully up-to-date anti-malware security. The virus creator is probably taking advantage of people's troubled minds about the still unfixed Microsoft security hole.
Security experts advise PC users not to download security patches coming from unknown sources. Rather, they should get the authentic patches from the software vendors' official websites only to save themselves from faked ones.
» SPAMfighter News - 06-10-2006