Stration virus on the rise by posing as security patch

A new version of the Stration worm discovered today is spreading by posing as a security patch attached to emails.

The W32/Stratio-AN worm is already the fourth most prevalent virus since being distributed by its author in the early hours of Monday morning, according to anti-virus company Sophos.

The code spreads via email using a variety of disguises, including one which poses as a warning that the recipient’s computer has been infected by a worm.

Emails with the subject line ‘mail server report’ are hitting inboxes around the world.

The message text reads: ‘Our firewall determined the e-mails containing worm copies are being sent from your computer.’

It goes on to warn the recipient: ‘Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the viruses harvests all the e-mail addresses and send the copies of itself to these e-mail addresses.’

Recipients who are not warned by the email’s poor English may be fooled into downloading the attached file which contains the worm.

Graham Cluley, senior technology consultant for Sophos, says that by posing as a security patch, the worm is playing on heightened concerns over security in the wake of Microsoft’s unpatched zero-day flaw in Internet Explorer.

‘The virus author is probably capitalising on people’s concerns about the Microsoft security hole, as the hole has not yet been fixed,’ he said.

‘The lesson to learn is that you should only ever get your security patches from vendors’ official web site, not from an unsolicited email.’

What do you think? Email us at feedback@computing.co.uk

Further reading:

Virus levels soar

Improve your XP security