high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Protection available since | 15 August 2006 13:22:15 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Stration-A is a mass-mailing worm for the Windows platform.
W32/Stration-A spreads by sending emails with itself as an attachment. Emails take the following form.
The subject line is chosen from the following:
hello
picture
Server Report
Status
test
Good Day
Error
Mail Delivery System
Mail Transaction Failed
The message text is chosen from the following:
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sentas a binary attachment.
The message cannot be represented in 7-bit ASCII encodingand has been sent as a binary attachment.
The worm is included as a file attachment with a filename of the following form. The attachment filename starts with one of the following:
body
data
doc
docs
document
file
message
readme
test
text
The filenames have a double file extension, with a large number of spaces between the two file extensions. For instance, a typical filename might be:
body.log .cmd
When first run W32/Stration-A opens a notepad window displaying an apparently meaningless data file.
W32/Stration-A also attempts to download further executable code. W32/Stration-A is a mass-mailing worm for the Windows platform.
W32/Stration-A spreads by sending emails with itself as an attachment. Emails take the following form.
The subject line is chosen from the following:
hello
picture
Server Report
Status
test
Good Day
Error
Mail Delivery System
Mail Transaction Failed
The message text is chosen from the following:
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sentas a binary attachment.
The message cannot be represented in 7-bit ASCII encodingand has been sent as a binary attachment.
The worm is included as a file attachment with a filename of the following form. The attachment filename starts with one of the following:
body
data
doc
docs
document
file
message
readme
test
text
The filenames have a double file extension, with a large number of spaces between the two file extensions. For instance, a typical filename might be:
body.log .cmd
When first run W32/Stration-A opens a notepad window displaying an apparently meaningless data file.
W32/Stration-A also attempts to download further executable code.
W32/Stration-A copies itself to <Windowsgt;\svchost32.exe and also to the Temp folder, with names similar to those used for email attachments.
|
