Subscribe to RSS feeds


Mar28
by Carolyn Guevarra (Technical Communications)

A set of STRATION codes has been discovered attempting to spread through Skype. An earlier version of this variant was initially seen in late February, the first time when the said malware family reportedly used Skype for its infection medium.


Skype users may receive a message that looks something like this:


Check up on this: {malicious URL}

It uses social engineering techniques to trick users into clicking the malicious link, thus setting off its infection cycle. When the malicious URL is accessed, the user is redirected to a Web site that hosts a malicious file. When this file is run, it downloads several other malicious files — most probably other STRATION variants — on the affected computer. It also sends the same message to the affected user’s Skype contacts.


Additionally, it attempts to connect to a Yahoo! mail server to send an SMTP message. However, the said server is currently down. It may also open a backdoor on the affected computer, compromising the system’s security.


Trend Micro already detects some samples related to this variant as WORM_WAREZOV.AP, WORM_STRATION.EU, WORM_STRATION.EV, and TROJ_AGENT.FYS. Users are advised not to click on links from suspicious messages, even if received from a known source.




No Responses to “STRAT struts its stuff via Skype”

  1. SkypeNow » Google Alert - skype blog Says:

    [...] … Rosie Sherry - a blog on software… - http://www.rosiesherry.com/blog/show/HomePage STRAT struts its stuff via Skype By Carolyn Guevarra A set of STRATION codes has been discovered attempting to spread through [...]



© Copyright 2008 Trend Micro IncAll rights reserved. Legal Notice