WORM_STRAT.DX
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Warezov.dq (Kaspersky), W32/Stration.gen@MM (McAfee), W32.Stration.CX@mm (Symantec), Worm/Stration.AG (Avira), W32/Strati-Gen (Sophos), Trojan:Win32/Stration.F!dll (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Infection Channel 1: Propagates via email


Description: 

On September 22, 2006, in the face of increasing infections and a seemingly endless release of new variants into the wild, the Trend Micro Japan office declared a local alert to control the onslaught of WORM_STRATION, which was quickly gaining notoriety for spawning iterations at rates not seen since 2005's MYTOB. In just a few weeks, WORM_STRATION was also found spreading like wildfire in the rest of the world, primarily in the US. Read an article documenting the STRATION event here: The STRATION Strategy.

For an at-a-glance view of this malware's behavior, refer to the Behavior Diagram below.

WORM_STRAT.DX Behavior Diagram

Malware Overview

This worm propagates by sending a copy of itself as an attachment to email messages, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Because it carries its own SMTP engine, the worm can send email messages without relying on other mailing applications, such as Microsoft Outlook, which makes its propagation more effective.


This worm gathers target email addresses from files with specific extension names. It also avoids email addresses that contain certain strings.

It spoofs the From field by using names that might be familiar to users and appending certain domain names to them.

It arrives on a system as a file attached to a spammed email message, or downloaded by TROJ_STRAT.DX.

Upon execution, this worm drops several files in the Windows folder and the Windows system folder.

Moreover, it downloads and executes files, which are also detected by Trend Micro as WORM_STRAT.DX, from several URLs.
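
Because the worm sends mail through its own SMTP engine rather than a mail client, an infected workstation opens SMTP connections to outside mail servers directly instead of handing mail to the organization's relay. The following Python code is an added example, not part of the original description, that flags such hosts in firewall logs; the log format, internal range, relay address, and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the original page): the internal range, relay address,
# log format and threshold below are hypothetical.
INTERNAL_NET = ip_network("10.0.0.0/8")
APPROVED_RELAYS = {ip_address("10.0.0.25")}  # only hosts allowed to send SMTP out
MIN_DISTINCT_SERVERS = 3

# Constructed sample: "<timestamp> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2006-10-19T10:00:01 10.0.0.25 192.0.2.10 25 ALLOW
2006-10-19T10:00:02 10.0.4.17 10.0.0.25 25 ALLOW
2006-10-19T10:00:05 10.0.7.31 192.0.2.10 25 ALLOW
2006-10-19T10:00:06 10.0.7.31 198.51.100.4 25 ALLOW
2006-10-19T10:00:06 10.0.7.31 203.0.113.9 25 DENY
2006-10-19T10:00:07 10.0.7.31 203.0.113.77 25 DENY
2006-10-19T10:00:09 10.0.4.17 198.51.100.80 443 ALLOW
malformed line
2006-10-19T10:00:11 10.0.9.2 192.0.2.10 25 ALLOW
"""

def direct_smtp_senders(log_text, min_servers=MIN_DISTINCT_SERVERS):
    """Return {src_ip: sorted dst_ips} for internal hosts that open SMTP
    connections to at least min_servers external servers, bypassing the relay."""
    contacted = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, src, dst, port, _action = fields
        try:
            src_ip, dst_ip = ip_address(src), ip_address(dst)
        except ValueError:
            continue  # skip lines with unparsable addresses
        if port != "25" or src_ip in APPROVED_RELAYS:
            continue  # not SMTP, or the relay doing its job
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue  # only internal -> external traffic is of interest
        # Blocked attempts count too: the attempt itself is the signal.
        contacted[str(src_ip)].add(str(dst_ip))
    return {h: sorted(d) for h, d in contacted.items() if len(d) >= min_servers}

if __name__ == "__main__":
    for host, servers in direct_smtp_senders(SAMPLE_LOG).items():
        print(f"{host}: direct SMTP to {len(servers)} external servers {servers}")
```

Counting distinct destination servers rather than raw connections keeps a single misconfigured application that talks to one external mail server below the threshold.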


Description created: Oct. 19, 2006 9:45:32 PM GMT -0800
