W32/Stration-A is a mass-mailing worm for the Windows platform.
W32/Stration-A spreads by sending emails with itself as an attachment. Emails take the following form.
The subject line is chosen from the following:
hello
picture
Server Report
Status
test
Good Day
Error
Mail Delivery System
Mail Transaction Failed
The message text is chosen from the following:
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The worm is included as a file attachment with a filename of the following form. The attachment filename starts with one of the following:
body
data
doc
docs
document
file
message
readme
test
text
The filenames have a double file extension, with a large number of spaces between the two file extensions. For instance, a typical filename might be:
body.log .cmd
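The filename form described above can be checked at a mail gateway. The following is an added example, not part of the original description or any vendor's detection logic: it flags any attachment name with whitespace padding between two extensions (a generalisation of the listed stems), then notes whether the stem and subject match the lists above. The set of executable extensions, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Subjects and filename stems are the ones listed on this page (lower-cased).
SUBJECTS = {"hello", "picture", "server report", "status", "test", "good day",
            "error", "mail delivery system", "mail transaction failed"}
STEMS = {"body", "data", "doc", "docs", "document", "file", "message",
         "readme", "test", "text"}
# Assumption: extensions treated as directly runnable on Windows.
EXEC_EXTS = {"cmd", "bat", "com", "exe", "pif", "scr"}

# name.ext1<one or more whitespace characters>.ext2
PADDED_DOUBLE_EXT = re.compile(
    r"^(?P<stem>[^.\s]+)\.(?P<ext1>[^.\s]+)\s+\.(?P<ext2>[^.\s]+)$")

def filename_findings(name):
    """Return reasons why an attachment filename matches the described form."""
    m = PADDED_DOUBLE_EXT.match(name.strip())
    if not m:
        return []
    reasons = ["whitespace-padded double extension"]
    if m["ext2"].lower() in EXEC_EXTS:
        reasons.append("final extension is executable")
    if m["stem"].lower() in STEMS:
        reasons.append("stem is in the listed set")
    return reasons

def scan_message(raw):
    """Check one RFC 822 message: subject against the list, attachments by name."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    hits = {}
    for part in msg.walk():
        name = part.get_filename()
        if name and filename_findings(name):
            hits[name] = filename_findings(name)
    return {"subject_listed": subject in SUBJECTS, "attachments": hits}

# Constructed sample message; the attachment body is a harmless placeholder.
SAMPLE = (
    "From: sender@example.com\nSubject: Mail Transaction Failed\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\n"
    "Mail transaction failed. Partial message is available.\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="body.log' + " " * 40 + '.cmd"\n\n'
    "placeholder\n--b1--\n"
)

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The padding matters because a narrow filename column in a mail client can hide the second extension, so the check keys on the whitespace run rather than on any one stem.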
When first run, W32/Stration-A opens a Notepad window displaying an apparently meaningless data file.
W32/Stration-A also attempts to download further executable code.
W32/Stration-A copies itself to <Windows>\svchost32.exe and also to the Temp folder, with names similar to those used for email attachments.