Aren’t we cheeky…
I was just about to head off to work when I did one last check of my email... and what do I see but an email with the subject 'Mail Server Report'... The address doesn't look familiar, but I've received a few of these lately from various mailing list submissions. This was the content of the email I opened:
----
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
----
I'm rather impressed.... these bastards are getting slicker and slicker.... or maybe this has been around for a while and I just don't pay much attention... Attached to the email was the file Update-KB8375-x86.zip.
I submitted the file to VirusTotal and here's what I got back:
| Antivirus | Version | Update | Result |
| --- | --- | --- | --- |
| AntiVir | 7.2.0.18 | 09.25.2006 | Worm/Stration.C |
| Authentium | 4.93.8 | 09.25.2006 | no virus found |
| Avast | 4.7.844.0 | 09.25.2006 | no virus found |
| AVG | 386 | 09.22.2006 | no virus found |
| BitDefender | 7.2 | 09.25.2006 | DeepScan:Generic.Stration.F614E1C9 |
| CAT-QuickHeal | 8.00 | 09.25.2006 | (Suspicious) - DNAScan |
| ClamAV | devel-20060426 | 09.25.2006 | no virus found |
| eTrust-InoculateIT | 23.73.4 | 09.24.2006 | Win32/Stration.Variant!Worm |
| eTrust-Vet | 30.3.3098 | 09.25.2006 | no virus found |
| DrWeb | 4.33 | 09.22.2006 | no virus found |
| Ewido | 4.0 | 09.25.2006 | no virus found |
| Fortinet | 2.82.0.0 | 09.25.2006 | suspicious |
| F-Prot | 3.16f | 09.25.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.25.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.25.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.25.2006 | no virus found |
| McAfee | 4858 | 09.22.2006 | New Malware.n |
| Microsoft | 1.1560 | 09.24.2006 | no virus found |
| NOD32v2 | 1.1774 | 09.25.2006 | a variant of Win32/Stration |
| Norman | 5.80.02 | 09.25.2006 | no virus found |
| Panda | 9.0.0.4 | 09.25.2006 | Suspicious file |
| Sophos | 4.09.0 | 09.25.2006 | W32/Stratio-AN |
| Symantec | 8.0 | 09.25.2006 | no virus found |
| TheHacker | 6.0.1.079 | 09.25.2006 | no virus found |
| UNA | 1.83 | 09.22.2006 | no virus found |
| VBA32 | 3.11.1 | 09.25.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 09.25.2006 | Trojan.Opnis.Gen!Pac2 |

| Additional Information |
| --- |
| File size: 116144 bytes |
| MD5: 633f4b2991ebdfd9e1611f4ec841a687 |
| SHA1: bb77b78d54c8319caba19302f25ea72135797e18 |
It's great to know that Symantec (one of the more favoured corporate AVs) and AVG (a very popular Free scanner) knew nothing of this virus yet.... If anyone is interested in the file for research or just to play with, let me know.
Peace,
HT
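
The attachment triage described in the post, as an added example that is not part of the original post: it hashes each attachment, compares the result with the MD5/SHA1 from the VirusTotal output above, flags update-themed file names, and lists executables inside a zip without extracting it. The sample message, its addresses and the inner file name are constructed for the example.

```python
import email, hashlib, io, re, zipfile
from email.message import EmailMessage

# MD5 and SHA1 of the attachment, as listed in the VirusTotal output above.
KNOWN_BAD = {"633f4b2991ebdfd9e1611f4ec841a687", "bb77b78d54c8319caba19302f25ea72135797e18"}
# File name posing as a Windows patch (KB number) but shipped as an archive or executable.
LURE_NAME = re.compile(r"KB\d+.*\.(zip|exe|scr|pif|com|bat|cmd)$", re.I)
EXECUTABLE = re.compile(r"\.(exe|scr|pif|com|bat|cmd)$", re.I)

def triage(raw):
    """Return one finding per attachment; nothing is written to disk or executed."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # multipart containers and the text body have no file name
        data = part.get_payload(decode=True) or b""
        md5, sha1 = hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()
        reasons = []
        if md5 in KNOWN_BAD or sha1 in KNOWN_BAD:
            reasons.append("hash matches known sample")
        if LURE_NAME.search(name):
            reasons.append("attachment named like a Windows update")
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                inner = [n for n in zf.namelist() if EXECUTABLE.search(n)]
            if inner:
                reasons.append("archive contains executable: " + ", ".join(inner))
        findings.append({"name": name, "md5": md5, "sha1": sha1, "reasons": reasons})
    return findings

def constructed_sample():
    """Constructed, harmless message shaped like the one in the post (inner file name assumed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Update-KB8375-x86.exe", b"harmless placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "Mail Server Report"
    msg["From"] = "support@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please install updates for worm elimination and your computer restoring.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Update-KB8375-x86.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for f in triage(constructed_sample()):
        print(f["name"], f["md5"], f["reasons"])
```
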
