Fighting malware and spam

Stration worm building steadily

Mass-mailer evolving as botnets spread.

The Stration mass-mailing worm, also called Warezov by some vendors, has been spreading steadily over the last few weeks, with the creators using advanced evolution techniques to avoid detection. The emails carrying the worm often masquerade as security alerts or email bounces.

Numerous labs have alerted on another upswing of reports, with a new set of variants. From a small starting base, the controllers of the worm appear to be tweaking their creation with each generation to ensure they get past AV signatures, and often making machines already infected with earlier variants upgrade themsleves to run the latest version. As each generation spreads to new hosts, the botnets and associated waves of network activity grow in stages, with the latest the biggest yet.

Threat-watching websites are displaying a lot of orange, as alert levels move up towards medium as a result of Stration, and the recent batch of IE vulnerabilities. Some graphical demonstration of the worm's seeding patterns can be seen at Fortinet's Fortiguard Center. More commentary on the outbreak and analysis of various versions can also be found at sites such as Avira, F-Secure, Sophos or Kaspersky.

04 October 2006

Tags: virus