high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Included in our products from | November 2006 (4.11) |
| Protection available since | 25 September 2006 08:09:54 (GMT) |
| Last updated | 27 September 2006 00:57:29 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Stratio-AN is a mass-mailing worm for the Windows platform.
Subject line:
Mail server report.
Message text:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Attached file:
Update-KB7859-x86.exe inside Update-KB7859-x86.zip
or
Subject lines include:
hello
Status
Server Report
picture
test
no message text
Attached files include:
doc.elm.pif inside doc.zip
message.msg.exe inside message.zip
readme.log.bat inside readme.zip
body.elm.pif inside body.zip
message.txt.pif inside message.zip
message.log.pif inside message.zip
W32/Stratio-AN is a mass-mailing worm for the Windows platform.
Subject line:
Mail server report.
Message text:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
Attached file:
Update-KB7859-x86.exe inside Update-KB7859-x86.zip
or
Subject lines include:
hello
Status
Server Report
picture
test
no message text
Attached files include:
doc.elm.pif inside doc.zip
message.msg.exe inside message.zip
readme.log.bat inside readme.zip
body.elm.pif inside body.zip
message.txt.pif inside message.zip
message.log.pif inside message.zip
When run, W32/Stratio-AN copies itself to <Windows>\t2serv.exe.
W32/Stratio-AN sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
t2serv
<Windows>\t2serv.exe
W32/Stratio-AN disables the Service named "wuaserv".
|
