New worm pretends to be security patch

By | September 26, 2006

IT Security company Sophos has announced the discovery of a new version of the Stration worm spreading via email systems. The W32/Stratio-AN worm has been aggressively distributed by its author since the early hours of Monday morning. It spreads via email using a variety of disguises, including one which ironically poses as a warning that the recipient´s computer has been determined to be infected by a worm.

“This new offspring of the Stration worm is being seen widely at email gateways today, attempting to infect unsuspecting computer users,” said Graham Cluley, senior technology consultant for Sophos. “Anyone accessing their email has to learn to resist the temptation of opening unsolicited attachments, and ensure their anti-virus protection is kept fully up-to-date.”

Sophos experts believe that the worm is using the disguise of a worm warning to play on concern about an unpatched vulnerability in Microsoft´s software.

“Many Windows users are waiting anxiously for Microsoft to fix the VML flaw in its code, which has been exploited by hackers online,” continued Cluley. “It´s possible that the people behind the Stration worm are playing on the internet community´s heightened concern while they are left unprotected by Microsoft, and may be able to fool innocent users into rushing into running the malicious update. The lesson to learn is that you should only ever get your security patches from the vendors´ official website, not from an unsolicited email.”

Leave a Reply