Worm spreads in the guise of a Security Update
Posted on 10.04.2007
Security experts at MicroWorld Technologies warn that a worm named ‘Win32.Warezov.ms’ is spreading via spammed emails, disguised as system generated security warnings from the email service provider.
 
The smartly crafted mail is a good specimen of the clever social engineering adopted by present-day malware authors. It reads as follows:
 
Dear Customer,
 
Our robot has fixed an abnormal activity from your IP address on sending e-mails. Probably it is connected with the last epidemic of a Worm which does not have patches at the moment. We recommend you to install a firewall module and it will stop e-mail sending. Otherwise your account will be blocked until you do not eliminate malfunction.
 
Customer support center robot.

 
“Some recipients will definitely be stupefied by the ‘System Generated’ appearance of the mail,” says Govind Rammurthy, CEO of MicroWorld Technologies. “Their deluded reflex would tell them that it’s originating from a machine and not created by a human being, which would benumb their ability to smell the rat. That is the very moment the malware writer was hoping for, to slip his malicious file into the victim’s computer.”
 
The Warezov worm, also known as Stration, is an exe file that appears to be a legitimate Windows patch. This variant is a Trojan downloader that brings malicious files into the compromised computer by contacting various websites via HTTP. It comes with its own SMTP engine, harvests email addresses from the victim’s address book and sends a copy of itself to all of those user IDs.
 
“The Warezov family has been a permanent fixture at most Top Ten Virus charts for six months in a row now. The malware creator’s strategy is to release countless variants of the worm with slight modifications in code to confuse AntiVirus engines. We combat this menace by incorporating an advanced Intentional and Behavioral analysis that nails down the worm, whatever its attire may be,” says Govind Rammurthy.




