Thursday, June 4, 2009

How to Detect and Remove Stration Worm

Method of spread: The Stration worm spreads via email, using a variety of subject lines and message text. The attachment carried by the Stration email may be named one of the following:

body , data , doc, document , file

The attachment will have a .exe, .scr, or .ziq extension, but it may also use a double extension ruse to hide the executable extenion on some versions of Windows. Enable file extension viewing to correctly identify the extension.

The Stration worm uses various message bodies in order to entice recipients into opening the infected attachment. In some cases, the email may claim to be a failed or rejected message. In other cases, the worm masquerades as a 'worm elimination' update. A partial example of a typical Stration email message follows:

Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses.

Please install updates for worm elimination and your computer restoring.
The Stration email worm attempts to download a file from a remote website. It also scours a wide range of file types found on the infected system, harvesting email addresses and sending its infected email to the discovered addresses.

Symptoms of Infection:
Note: There are dozens of variants of the Stration worm. The following technical details may not apply to each of them. To determine whether a Stration infection is present, scan your systems with up-to-date antivirus software.

See Also
spyware removal software
HTTP Header in Mozilla Firefox
Is Your Cell Phone Spying on You?
Browser History Sniffing

No comments:

Post a Comment