Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have announced
the discovery of a new version of the Stration worm spreading via
email systems.
The W32/Stratio-AN worm has
been aggressively distributed by its author since the early hours
of Monday morning. It spreads via email using a variety of
disguises, including one which ironically poses as a warning that
the recipient's computer has been determined to be infected by a
worm:
Subject line:
Mail server report.
Message text:
Mail server report.
Our firewall determined the e-mails containing worm copies
are being sent from your computer.
Nowadays it happens from many computers, because this is a
new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the
computer unnoticeably. After the penetrating into the computer the
virus harvests all the e-mail addresses and sends the copies of
itself to these e-mail addresses
Please install updates for worm elimination and your
computer restoring.
Best regards,
Customers support service
Attached file:
Update-KB7859-x86.zip (which
contains the file Update-KB7859-x86.exe)
"This new offspring of the Stration worm is being seen widely at
email gateways today, attempting to infect unsuspecting computer
users," said Graham
Cluley, senior technology consultant for Sophos. "Anyone
accessing their email has to learn to resist the temptation of
opening unsolicited attachments, and ensure their anti-virus
protection is kept fully up-to-date."
Sophos experts believe that the worm is using the disguise of a
worm warning to play on concern about an unpatched vulnerability in
Microsoft's software.
"Many Windows users are waiting anxiously for Microsoft to fix
the VML flaw
in its code, which has been exploited by hackers online," continued
Cluley. "It's possible that the people behind the Stration worm are
playing on the internet community's heightened concern while they
are left unprotected by Microsoft, and may be able to fool innocent
users into rushing into running the malicious update. The lesson to
learn is that you should only ever get your security patches from
the vendors' official website, not from an unsolicited email."
Sophos recommends that companies protect their email computers
with an automatically updated consolidated
solution to defend against viruses, spyware and spam, as well
as apply an email policy that filters unsolicited executable code
at the gateway.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.