Stration
Encyclopedia
Stration from the computer virus, can be described as something that starts small and grows pretty fast. It comes from a family of computer worm
s that can affect computer
s running Microsoft Windows
, disabling security features and propagating itself to other computers via e-mail attachment
s. This family of worms is unusual in that new variants are being produced at an unprecedented rate, estimated to be up to one every 30 minutes at its peak, and downloaded from remote server
s by infected machines to speed propagation. This makes detection and removal a particular challenge for anti-virus software vendors, because new signature files for each variant need to be issued to allow their software to detect them.
has worked with ISPs
to shut down domains
hosting the variants of the worm. In November 2006, the Stration worm was the most widespread malware infection reported, accounting for around one-third of reported infections.
The Stration worms employ social engineering
to infect the target machine by arriving in an e-mail masquerading as a report from a mail server informing the recipient (in somewhat broken English) that their computer is infected due to an unpatched security flaw in Windows, and offering as an attachment a purported fix, which is in fact the worm program itself. Some later variants of the worm spread via instant messenger and Skype
chat alerts containing a URL
leading to the worm.
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
s that can affect computer
Computer
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
s running Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
, disabling security features and propagating itself to other computers via e-mail attachment
E-mail attachment
An email attachment is a computer file sent along with an email message. One or more files can be attached to any email message, and be sent along with it to the recipient. This is typically used as a simple method to share documents and images...
s. This family of worms is unusual in that new variants are being produced at an unprecedented rate, estimated to be up to one every 30 minutes at its peak, and downloaded from remote server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
s by infected machines to speed propagation. This makes detection and removal a particular challenge for anti-virus software vendors, because new signature files for each variant need to be issued to allow their software to detect them.
Details
The first variant of the Stration family was reported in late September 2006. It was quickly discovered that the worm program, as well as propagating itself by sending out copies via e-mail, was downloading new variants from one of a number of remote servers. These variants were generated by a program on those servers under control of the worm's creator(s). Computer security firm F-SecureF-Secure
F-Secure Corporation is an anti-virus and computer security software company based in Helsinki, Finland. The company has 18 country offices and a presence in more than 100 countries, with Security Lab operations in Helsinki, Finland and in Kuala Lumpur, Malaysia...
has worked with ISPs
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
to shut down domains
Domain name
A domain name is an identification string that defines a realm of administrative autonomy, authority, or control in the Internet. Domain names are formed by the rules and procedures of the Domain Name System ....
hosting the variants of the worm. In November 2006, the Stration worm was the most widespread malware infection reported, accounting for around one-third of reported infections.
The Stration worms employ social engineering
Social engineering (security)
Social engineering is commonly understood to mean the art of manipulating people into performing actions or divulging confidential information...
to infect the target machine by arriving in an e-mail masquerading as a report from a mail server informing the recipient (in somewhat broken English) that their computer is infected due to an unpatched security flaw in Windows, and offering as an attachment a purported fix, which is in fact the worm program itself. Some later variants of the worm spread via instant messenger and Skype
Skype
Skype is a software application that allows users to make voice and video calls and chat over the Internet. Calls to other users within the Skype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-based user account system...
chat alerts containing a URL
Uniform Resource Locator
In computing, a uniform resource locator or universal resource locator is a specific character string that constitutes a reference to an Internet resource....
leading to the worm.