Gorinchem, September 25, 2006 - IT security firm Sophos has announced the discovery of a new version of the Stration worm spreading via email systems. The Stratio-AN worm has been aggressively distributed by its author since the early hours of Monday morning. It spreads via email using a variety of disguises, including the example below which ironically poses as a warning that the recipient's computer has been determined to be infected by a worm:
------------------------------------
Subject line: Mail server report.
Message text:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Attached file: Update-KB7859-x86.zip which contains Update-KB7859-x86.exe
-------------------------------------
"This new offspring of the Stration worm is hitting email gateways hard, attempting to infect unsuspecting computer users," said Graham Cluley, senior technology consultant for Sophos. "Anyone accessing their email has to learn to resist the temptation of opening unsolicited attachments, and ensure their anti-malware protection is kept fully up-to-date."
Sophos experts believe that the worm is using the disguise of a security warning to play on concern about an unpatched vulnerability in Microsoft's software.
"Many Windows users are waiting anxiously for Microsoft to fix the VML flaw in its code, which has been exploited by hackers," continued Cluley. "It's possible that those behind the Stration worm are playing on the internet community's heightened concern over being left unprotected by Microsoft. As a result the perpetrators may be able to fool innocent users into rushing into running the malicious update. The lesson to learn is that you should only ever get your security patches from the vendors' official website, not from an unsolicited email."
Sophos recommends that companies protect their email computers with an automatically updated consolidated solution to defend against viruses, spyware and spam, as well as apply an email policy that filters unsolicited executable code at the gateway.
For further information can be found at:
http://www.sophos.com/pressoffice/news/articles/2006/09/stration-worm.htmlAbout Sophos Benelux
Sophos Benelux, a Sophos distributorship located in Gorinchem, is dedicated to providing Sophos solutions and services to its partners, resellers and customers in the Benelux region. Sophos is a world leader in integrated threat management solutions, developing protection against viruses, spyware, spam and policy abuse for business, education and government.
About Sophos
Sophos is a world leader in integrated threat management solutions, developing protection against viruses, spyware, spam and policy abuse for business, education and government. Sophos’s reliably-engineered, easy-to-operate products protect more than 35 million users in more than 150 countries. Through 20 years’ experience and a global network of threat analysis centers, the company responds rapidly to emerging threats – no matter how complex – and achieves the highest levels of customer satisfaction in the industry.
For more information, please contact:
Sophos
Marnix van Meer
Tel: +31 655700255
m.vanmeer(at)sophosbenelux.com
Creative Strategies
Elke De Ridder
Tel: +32 2 267 41 60
ederidder(at)creative-strategies.be